CVE-2023-23684Server-Side Request Forgery in Wpgraphql

CWE-918Server-Side Request Forgery3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 63.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Wp-graphqlWpgraphqlWpengine Wpgraphql
Timeline
Latest updateJun 30
PublishedNov 13

Description

Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDwpengine/wpgraphql1.14.5
CVEListV5wpgraphql/wpgraphqln/a1.14.5
Packagistwp-graphql/wp-graphql< 1.14.6

🔴Vulnerability Details

2
GHSA
WPGraphQL Plugin vulnerable to Server Side Request Forgery (SSRF)2023-06-30
OSV
WPGraphQL Plugin vulnerable to Server Side Request Forgery (SSRF)2023-06-30