Description

WordPress Plugin WPGraphQL is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently create administrative users, post comments on articles while bypassing article restrictions and global moderation, retrieve the content of password-protected posts/articles/pages, retrieve the full list of registered users, or retrieve the full list of media, comments, themes and plugins. WordPress Plugin WPGraphQL version 0.2.3 is vulnerable; prior versions may also be affected.

Remediation

Update the plugin to version 0.3.0 or the latest version.
