EPSS
Percentile
92.1%
wp-graphql/wp-graphql is vulnerable to information disclosure. The attacker can get all the information about wordpress users such as email address, role and username just by querying current user’s RootQuery.
github.com/wp-graphql/wp-graphql/releases/tag/v0.3.0
wpvulndb.com/vulnerabilities/9282
www.pentestpartners.com/security-blog/pwning-wordpress-graphql/