Wpengine Wpgraphql vulnerabilities

CVE-2022-1563 [MEDIUM] CWE-284 CVE-2022-1563: The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL.

CVE-2023-23684 [MEDIUM] CWE-918 CVE-2023-23684: Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5.

CVE-2019-9879 [CRITICAL] CWE-306 CVE-2019-9879: The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin p The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.

CVE-2019-9880 [CRITICAL] CWE-306 CVE-2019-9880: An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQue An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.

CVE-2019-9881 [MEDIUM] CWE-306 CVE-2019-9881: The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.