Vulnerabilities (CVE)

Filtered by vendor Wpgraphql Subscribe

Filtered by product Wpgraphql

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-25060	1 Wpgraphql	1 Wpgraphql	2022-05-17	5.0 MEDIUM	5.3 MEDIUM
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site.
CVE-2019-9881	1 Wpgraphql	1 Wpgraphql	2019-06-11	5.0 MEDIUM	5.3 MEDIUM
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.