CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25060

The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.7%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://github.com/wp-graphql/wp-graphql/pull/900
https://wpscan.com/vulnerability/393be73a-f8dc-462f-8670-f20ab89421fc
https://github.com/wp-graphql/wp-graphql/pull/900
https://wpscan.com/vulnerability/393be73a-f8dc-462f-8670-f20ab89421fc

Products affected by CVE-2019-25060

Wpgraphql » Wpgraphql » Version: 0.2.3

cpe:2.3:a:wpgraphql:wpgraphql:0.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25060

Products

Pricing

Contact Us