← Back

Wpgraphql

wpgraphql

Vendor: Wpgraphql • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-25060
1Wpgraphql
1Wpgraphql
Nov 21, 2024
May 9, 2022
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the ac...Show more
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site.Show less