Lucene search
K
WpengineWpgraphql

5 matches found

CVE
CVE
added 2023/11/13 3:1 a.m.2588 views

CVE-2023-23684

WPGraphQL

6.5CVSS6.9AI score0.0045EPSS
CVE
CVE
added 2019/06/10 5:28 p.m.125 views

CVE-2019-9879

CVE-2019-9879 affects WordPress WPGraphQL 0.2.3, where the registerUser mutation can allow remote attackers to create a new admin user when registrations are open. This leads to full site control via admin access. The core issue is an authentication/authorization bypass in WPGraphQL, enabling use...

9.8CVSS9.3AI score0.46614EPSS
CVE
CVE
added 2019/06/10 5:37 p.m.125 views

CVE-2019-9881

Summary (CVE-2019-9881): WPGraphQL 0.2.3 for WordPress allows unauthenticated users to post comments via the createComment mutation even when comments are disabled. This is evidenced by the Nuclei template for CVE-2019-9881 (and corroborating sources) which describe unauthenticated comment postin...

5.3CVSS5.6AI score0.18832EPSS
CVE
CVE
added 2019/06/10 5:32 p.m.105 views

CVE-2019-9880

WPGraphQL 0.2.3 (WordPress) exposes an unauthenticated information-disclosure via the RootQuery for “users,” allowing retrieval of all WordPress users’ email addresses, usernames, and roles. This vulnerability stems from inadequate access controls in the WPGraphQL plugin, enabling an attacker to ...

9.1CVSS9.1AI score0.34761EPSS
CVE
CVE
added 2024/01/16 3:50 p.m.86 views

CVE-2022-1563

CVE-2022-1563 affects the WordPress plugin WPGraphQL WooCommerce up to version 0.12.3 (prior to 0.12.4). The vulnerability allows unauthenticated attackers to enumerate a store’s coupon codes and values via GraphQL, exposing sensitive coupon data. This is a graphQL-accessible information disclosu...

5.3CVSS5.4AI score0.00724EPSS
Web