89 matches found
CVE-2022-1563
CVE-2022-1563 affects the WordPress plugin WPGraphQL WooCommerce up to version 0.12.3 (prior to 0.12.4). The vulnerability allows unauthenticated attackers to enumerate a store’s coupon codes and values via GraphQL, exposing sensitive coupon data. This is a graphQL-accessible information disclosu...
CVE-2023-23684
Server-Side Request Forgery SSRF vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5...
CVE-2023-23684
Server-Side Request Forgery SSRF vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5...
CVE-2023-23684
WPGraphQL
CVE-2023-23684 WordPress WPGraphQL Plugin <= 1.14.5 is vulnerable to Server Side Request Forgery (SSRF)
Server-Side Request Forgery SSRF vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5...
WordPress Plugin WPGraphQL Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WPGraphQL Plugin vulnerable to Server Side Request Forgery (SSRF)
Impact Users with capabilities to upload media editors and above are succeptible to SSRF Server-Side Request Forgery when executing the createMediaItem Mutation. Authenticated users making GraphQL requests that execute the createMediaItem could pass executable paths in the mutations filePath...
GHSA-CFH4-7WQ9-6PGG WPGraphQL Plugin vulnerable to Server Side Request Forgery (SSRF)
Impact Users with capabilities to upload media editors and above are succeptible to SSRF Server-Side Request Forgery when executing the createMediaItem Mutation. Authenticated users making GraphQL requests that execute the createMediaItem could pass executable paths in the mutations filePath...
PT-2023-19128 · WordPress · Wpgraphql
Name of the Vulnerable Software and Affected Versions: WPGraphQL versions 1.14.5 and earlier Description: A Server-Side Request Forgery SSRF issue affects WPGraphQL, allowing authenticated users with media upload capabilities to execute the createMediaItem mutation and potentially gain unwarrante...
WordPress WPGraphQL Plugin <= 1.14.5 is vulnerable to Server Side Request Forgery (SSRF)
Software WPGraphQL Type Plugin Vulnerable versions = 1.14.5 Fixed in 1.14.6 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2023-23684 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID b0a8de3a4ab4 Credits Ravi Dharmawan Required privilege...
WordPress WPGraphQL WooCommerce plugin <= 0.11.0 - Unauthenticated Coupon Codes Disclosure vulnerability
Unauthenticated Coupon Codes Disclosure vulnerability discovered by Rohan Pagey in WordPress WPGraphQL WooCommerce plugin versions = 0.11.0. Solution No patched version available...
WordPress plugin WPGraphQL access control error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin WPGraphQL versions prior to 0.3.5 are vulnerable to an access control error that...
CVE-2019-25060
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site...
CVE-2019-25060
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site...
Design/Logic Flaw
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site...
CVE-2019-25060
The CVE-2019-25060 entry concerns the WPGraphQL WordPress plugin prior to version 0.3.5, where an improper access-control flaw allows a remote attacker to forge a GraphQL query that retrieves the account roles of every user on the site. This affects the confidentiality of user role information; n...
WordPress WPGraphQL Plugin Denial of Service
A denial of service vulnerability exists in WordPress WPGraphQL Plugin. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
WordPress WPGraphQL 1.3.5 Denial Of Service
Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Date: 2021-04-12 Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL...
WordPress WPGraphQL 1.3.5 Plugin - Denial of Service Exploit
Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL connection errors...