89 matches found
CVE-2026-33290
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user including a custom role with zero capabilities to change moderation status of their own comment for example to APPROVE without the...
EUVD-2026-14666
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user including a custom role with zero capabilities to change moderation status of their own comment for example to APPROVE without the...
CVE-2026-33290 WPGraphQL Repo's updateComment allows low-privileged authenticated users to change comment moderation status (comment_approved) without moderate_comments permission
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user including a custom role with zero capabilities to change moderation status of their own comment for example to APPROVE without the...
CVE-2026-33290 WPGraphQL Repo's updateComment allows low-privileged authenticated users to change comment moderation status (comment_approved) without moderate_comments permission
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user including a custom role with zero capabilities to change moderation status of their own comment for example to APPROVE without the...
CVE-2026-33290 WPGraphQL Repo's updateComment allows low-privileged authenticated users to change comment moderation status (comment_approved) without moderate_comments permission
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user including a custom role with zero capabilities to change moderation status of their own comment for example to APPROVE without the...
CVE-2026-27938
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...
CVE-2026-27938
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...
CVE-2026-27938
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...
CVE-2026-27938 WPGraphQL Repo Vulnerable to Command Injection via Unsanitized GitHub Actions Expression in Release Workflow
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...
CVE-2026-27938 WPGraphQL Repo Vulnerable to Command Injection via Unsanitized GitHub Actions Expression in Release Workflow
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...
WordPress WPGraphQL Smart Cache plugin < 2.0.1 - Unauthenticated Private Content Disclosure vulnerability
Unauthenticated Private Content Disclosure vulnerability discovered by WPscan in WordPress Plugin WPGraphQL Smart Cache versions 2.0.1...
EUVD-2023-1773
Malicious code in bioql PyPI...
CVE-2023-23684
Server-Side Request Forgery SSRF vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5...
CVE-2022-1563
The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...
CVE-2019-25060
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site...
CVE-2022-1563
The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...
Design/Logic Flaw
The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...
CVE-2022-1563 WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure
The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...
CVE-2022-1563 WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure
The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...
CVE-2022-1563 WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure
The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...