Wpengine

Wpgraphql

5 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2022-1563

Exploit
  • EPSS 0.57%
  • Published 16.01.2024 16:15:09
  • Last modified 21.11.2024 06:40:58

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL.

6.5

CVE-2023-23684

  • EPSS 0.13%
  • Published 13.11.2023 03:15:07
  • Last modified 21.11.2024 07:46:39

Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5.

9.8

CVE-2019-9879

Exploit
  • EPSS 60.92%
  • Published 10.06.2019 18:29:01
  • Last modified 21.11.2024 04:52:29

The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.

9.1

CVE-2019-9880

Exploit
  • EPSS 48.59%
  • Published 10.06.2019 18:29:01
  • Last modified 21.11.2024 04:52:29

An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.

5.3

CVE-2019-9881

Exploit
  • EPSS 19.24%
  • Published 10.06.2019 18:29:01
  • Last modified 21.11.2024 04:52:30

The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.