Wpengine: >> Wpgraphql Security Vulnerabilities
The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL.
CVSS Score
5.3
EPSS Score
0.005
Published
2024-01-16
Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5.
CVSS Score
4.4
EPSS Score
0.001
Published
2023-11-13
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.
CVSS Score
9.8
EPSS Score
0.55
Published
2019-06-10
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.
CVSS Score
9.1
EPSS Score
0.434
Published
2019-06-10
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.
CVSS Score
5.3
EPSS Score
0.215
Published
2019-06-10