5 matches found
CVE-2023-23684
WPGraphQL
CVE-2019-9879
CVE-2019-9879 affects WordPress WPGraphQL 0.2.3, where the registerUser mutation can allow remote attackers to create a new admin user when registrations are open. This leads to full site control via admin access. The core issue is an authentication/authorization bypass in WPGraphQL, enabling use...
CVE-2019-9881
Summary (CVE-2019-9881): WPGraphQL 0.2.3 for WordPress allows unauthenticated users to post comments via the createComment mutation even when comments are disabled. This is evidenced by the Nuclei template for CVE-2019-9881 (and corroborating sources) which describe unauthenticated comment postin...
CVE-2019-9880
WPGraphQL 0.2.3 (WordPress) exposes an unauthenticated information disclosure via the RootQuery for “users,” allowing retrieval of all WordPress users’ email addresses, usernames, and roles. This vulnerability stems from inadequate access controls in the WPGraphQL plugin, enabling an attacker to ...
CVE-2022-1563
CVE-2022-1563 affects the WordPress plugin WPGraphQL WooCommerce up to version 0.12.3 (prior to 0.12.4). The vulnerability allows unauthenticated attackers to enumerate a store’s coupon codes and values via GraphQL, exposing sensitive coupon data. This is a GraphQL-accessible information disclosu...