wpvulndb | Simone Quatrini | WPVDB-ID:2D451C89-91CE-4151-B3FB-56AF15869644
May 08, 2019 - 12:00 a.m.

WPGraphQL <= 0.2.3 - Multiple Vulnerabilities

wpscan.com
5

EPSS: 0.451 (percentile: 97.4%)

Without authorisation, weak access controls allow us to:

* Create administrative users
* Post comments on articles bypassing article restrictions and global moderation
* Retrieve content of password-protected posts/articles/pages
* Retrieve full list of registered users in the platform
* Retrieve full list of media, comments, themes and plugins with one simple request

The test was performed locally using WordPress 5.1.1 and WPGraphQL 0.2.3.
