Wpgraphql
by Wpengine
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-23684 | Med | 0.22 | 4.4 | 0.00 | Nov 13, 2023 | Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5. | ||
| CVE-2019-9879 | 0.09 | — | 0.47 | Jun 10, 2019 | The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation. | |||
| CVE-2019-9881 | 0.06 | — | 0.19 | Jun 10, 2019 | The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. | |||
| CVE-2019-9880 | 0.02 | — | 0.35 | Jun 10, 2019 | An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username. |
- risk 0.22cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5.
- CVE-2019-9879Jun 10, 2019risk 0.09cvss —epss 0.47
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.
- CVE-2019-9881Jun 10, 2019risk 0.06cvss —epss 0.19
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.
- CVE-2019-9880Jun 10, 2019risk 0.02cvss —epss 0.35
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.