Unrated severityNVD Advisory· Published Jun 10, 2019· Updated Nov 15, 2024
CVE-2019-9880
CVE-2019-9880
Description
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WPGraphQLdescription
Patches
Vulnerability mechanics
References
5- packetstormsecurity.com/files/153025/WordPress-WPGraphQL-0.2.3-Authentication-Bypass-Information-Disclosure.htmlmitrex_refsource_MISC
- github.com/pentestpartners/snippets/blob/master/wp-graphql0.2.3_exploit.pymitrex_refsource_MISC
- github.com/wp-graphql/wp-graphql/releases/tag/v0.3.0mitrex_refsource_CONFIRM
- wpvulndb.com/vulnerabilities/9282mitrex_refsource_MISC
- www.pentestpartners.com/security-blog/pwning-wordpress-graphql/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.