Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Wpgraphql Subscribe
Filtered by product Wpgraphql
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-25060 1 Wpgraphql 1 Wpgraphql 2022-05-17 5.0 MEDIUM 5.3 MEDIUM
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site.
CVE-2019-9881 1 Wpgraphql 1 Wpgraphql 2019-06-11 5.0 MEDIUM 5.3 MEDIUM
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.
CVE-2019-9879 1 Wpgraphql 1 Wpgraphql 2019-06-11 7.5 HIGH 9.8 CRITICAL
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.
CVE-2019-9880 1 Wpgraphql 1 Wpgraphql 2019-06-11 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.