Medium severity4.4NVD Advisory· Published Nov 13, 2023· Updated Apr 28, 2026
CVE-2023-23684
CVE-2023-23684
Description
Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
wp-graphql/wp-graphqlPackagist | < 1.14.6 | 1.14.6 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-cfh4-7wq9-6pggghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-23684ghsaADVISORY
- patchstack.com/database/vulnerability/wp-graphql/wordpress-wp-graphql-plugin-1-14-5-server-side-request-forgery-ssrf-vulnerabilitynvdThird Party AdvisoryWEB
- github.com/wp-graphql/wp-graphql/pull/2840ghsaWEB
- github.com/wp-graphql/wp-graphql/releases/tag/v1.14.6ghsaWEB
- github.com/wp-graphql/wp-graphql/security/advisories/GHSA-cfh4-7wq9-6pggghsaWEB
News mentions
0No linked articles in our index yet.