Vulnerabilities > CVE-2019-25060 - Unspecified vulnerability in Wpgraphql 0.2.3

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

wpgraphql

NVD

Published: 2022-05-09

Updated: 2024-11-21

Summary

The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site.

Vulnerable Configurations

Part	Description	Count
Application	Wpgraphql Wpgraphql Wpgraphql 0.2.3	1

References

https://github.com/wp-graphql/wp-graphql/pull/900
https://github.com/wp-graphql/wp-graphql/pull/900
https://wpscan.com/vulnerability/393be73a-f8dc-462f-8670-f20ab89421fc
https://wpscan.com/vulnerability/393be73a-f8dc-462f-8670-f20ab89421fc