Wpgraphql

wpgraphql

Vendor: Wpengine • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-1563 1Wpengine 1Wpgraphql Jun 20, 2025 Jan 16, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL.
CVE-2023-23684 1Wpengine 1Wpgraphql Apr 28, 2026 Nov 13, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5.
CVE-2019-9881 1Wpengine 1Wpgraphql Nov 21, 2024 Jun 10, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.
CVE-2019-9880 1Wpengine 1Wpgraphql Nov 21, 2024 Jun 10, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role...Show more An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.Show less
CVE-2019-9879 1Wpengine 1Wpgraphql Nov 21, 2024 Jun 10, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.