Lucene search
K

89 matches found

CVE
CVE
added 2024/01/16 3:50 p.m.83 views

CVE-2022-1563

CVE-2022-1563 affects the WordPress plugin WPGraphQL WooCommerce up to version 0.12.3 (prior to 0.12.4). The vulnerability allows unauthenticated attackers to enumerate a store’s coupon codes and values via GraphQL, exposing sensitive coupon data. This is a graphQL-accessible information disclosu...

5.3CVSS5.4AI score0.00724EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2023/11/13 3:15 a.m.28 views

CVE-2023-23684

Server-Side Request Forgery SSRF vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5...

6.5CVSS0.00437EPSS
Exploits0References1
OSV
OSV
added 2023/11/13 3:15 a.m.32 views

CVE-2023-23684

Server-Side Request Forgery SSRF vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5...

6.5CVSS6.9AI score
Exploits0References1
Prion
Prion
added 2023/11/13 3:15 a.m.25 views

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5...

4CVSS7.4AI score0.00437EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/13 3:1 a.m.2585 views

CVE-2023-23684

WPGraphQL

6.5CVSS6.9AI score0.00437EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/13 3:1 a.m.27 views

CVE-2023-23684 WordPress WPGraphQL Plugin <= 1.14.5 is vulnerable to Server Side Request Forgery (SSRF)

Server-Side Request Forgery SSRF vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5...

4.4CVSS6.7AI score0.00437EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/13 12:0 a.m.4 views

WordPress Plugin WPGraphQL Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS6.5AI score0.00437EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/06/30 8:35 p.m.30 views

WPGraphQL Plugin vulnerable to Server Side Request Forgery (SSRF)

Impact Users with capabilities to upload media editors and above are succeptible to SSRF Server-Side Request Forgery when executing the createMediaItem Mutation. Authenticated users making GraphQL requests that execute the createMediaItem could pass executable paths in the mutations filePath...

6.5CVSS7AI score0.00437EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/06/30 8:35 p.m.33 views

GHSA-CFH4-7WQ9-6PGG WPGraphQL Plugin vulnerable to Server Side Request Forgery (SSRF)

Impact Users with capabilities to upload media editors and above are succeptible to SSRF Server-Side Request Forgery when executing the createMediaItem Mutation. Authenticated users making GraphQL requests that execute the createMediaItem could pass executable paths in the mutations filePath...

6.5CVSS6.7AI score0.00437EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/06/30 12:0 a.m.5 views

PT-2023-19128 · WordPress · Wpgraphql

Name of the Vulnerable Software and Affected Versions: WPGraphQL versions 1.14.5 and earlier Description: A Server-Side Request Forgery SSRF issue affects WPGraphQL, allowing authenticated users with media upload capabilities to execute the createMediaItem mutation and potentially gain unwarrante...

6.5CVSS6.9AI score0.00437EPSS
Exploits0References10
Patchstack
Patchstack
added 2023/06/28 12:0 a.m.15 views

WordPress WPGraphQL Plugin <= 1.14.5 is vulnerable to Server Side Request Forgery (SSRF)

Software WPGraphQL Type Plugin Vulnerable versions = 1.14.5 Fixed in 1.14.6 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2023-23684 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID b0a8de3a4ab4 Credits Ravi Dharmawan Required privilege...

6.5CVSS6.8AI score0.00437EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/07/26 12:0 a.m.24 views

WordPress WPGraphQL WooCommerce plugin <= 0.11.0 - Unauthenticated Coupon Codes Disclosure vulnerability

Unauthenticated Coupon Codes Disclosure vulnerability discovered by Rohan Pagey in WordPress WPGraphQL WooCommerce plugin versions = 0.11.0. Solution No patched version available...

2.5AI score0.00724EPSS
Exploits2References2Affected Software1
CNVD
CNVD
added 2022/05/12 12:0 a.m.29 views

WordPress plugin WPGraphQL access control error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin WPGraphQL versions prior to 0.3.5 are vulnerable to an access control error that...

5.3CVSS1.4AI score0.01766EPSS
Exploits1References1
NVD
NVD
added 2022/05/09 5:15 p.m.9 views

CVE-2019-25060

The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site...

5.3CVSS0.01766EPSS
Exploits1References2
OSV
OSV
added 2022/05/09 5:15 p.m.11 views

CVE-2019-25060

The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site...

5.3CVSS5.2AI score
Exploits0References2
Prion
Prion
added 2022/05/09 5:15 p.m.11 views

Design/Logic Flaw

The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site...

5CVSS5.1AI score0.01766EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/05/09 4:50 p.m.2117 views

CVE-2019-25060

The CVE-2019-25060 entry concerns the WPGraphQL WordPress plugin prior to version 0.3.5, where an improper access-control flaw allows a remote attacker to forge a GraphQL query that retrieves the account roles of every user on the site. This affects the confidentiality of user role information; n...

5.3CVSS5.1AI score0.01766EPSS
Exploits1References2Affected Software1
Check Point Advisories
Check Point Advisories
added 2021/05/02 12:0 a.m.0 views

WordPress WPGraphQL Plugin Denial of Service

A denial of service vulnerability exists in WordPress WPGraphQL Plugin. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

4.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/27 12:0 a.m.237 views

WordPress WPGraphQL 1.3.5 Denial Of Service

Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Date: 2021-04-12 Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/04/27 12:0 a.m.42 views

WordPress WPGraphQL 1.3.5 Plugin - Denial of Service Exploit

Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL connection errors...

7.4AI score
Exploits0
Rows per page
Query Builder