CVE-2026-40762
- EPSS 0.25%
- Published 15.06.2026 20:18:13
- Last modified 15.06.2026 21:24:32
Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.
CVE-2021-47959
- EPSS 0.45%
- Published 15.05.2026 18:36:28
- Last modified 18.05.2026 17:05:46
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL e...
CVE-2025-68604
- EPSS 0.09%
- Published 07.05.2026 07:40:27
- Last modified 07.05.2026 14:00:48
Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3.
CVE-2026-27938
- EPSS 0.79%
- Published 26.02.2026 01:10:26
- Last modified 15.04.2026 00:35:42
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the `wp-graphql/wp-graphql` repository contains a GitHub Actions workflow (`release.yml`) vulnerable to OS command injection through direct use of `${{ github.event.pull_re...
CVE-2019-25060
- EPSS 1.73%
- Published 09.05.2022 17:15:07
- Last modified 21.11.2024 04:39:51
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on t...