Wpgraphql Security Vulnerabilities and Issues — Wpgraphql CVE List

Lucene search

WpengineWpgraphql

5 matches found

CVE•added 2023/11/13 3:15 a.m.•2576 views

CVE-2023-23684

Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5.

6.5CVSS5.5AI score0.00131EPSS

CVE•added 2019/06/10 6:29 p.m.•95 views

CVE-2019-9879

The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.

9.8CVSS9.3AI score0.60924EPSS

CVE•added 2019/06/10 6:29 p.m.•88 views

CVE-2019-9881

The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.

5.3CVSS5.6AI score0.21595EPSS

CVE•added 2019/06/10 6:29 p.m.•82 views

CVE-2019-9880

An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.

9.1CVSS9.1AI score0.4896EPSS

CVE•added 2024/01/16 4:15 p.m.•67 views

CVE-2022-1563

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL.

5.3CVSS5.4AI score0.0049EPSS