VYPR

Wp Graphql

by Wp Graphql

Source repositories

CVEs (4)

  • CVE-2021-47959 | High | May 15, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field…

  • CVE-2026-27938 | High | Feb 26, 2026
    risk 0.43 | cvss 7.7 | epss 0.01

    WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the `wp-graphql/wp-graphql` repository contains a GitHub Actions workflow (`release.yml`) vulnerable to OS command injection through direct use of `${{ github.event.pull_request.body }}` inside a…

  • CVE-2025-68604 | Medium | May 7, 2026
    risk 0.28 | cvss 5.4 | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3.

  • CVE-2026-33290 | Medium | Mar 24, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user (including a custom role with zero capabilities) to change moderation status of their own comment (for example to…