Vulnerabilities > Wpengine
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2023-6933 | Deserialization of Untrusted Data vulnerability in Wpengine Better Search Replace The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. | 9.8 |
| 2024-01-16 | CVE-2022-1563 | Unspecified vulnerability in Wpengine Wpgraphql The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL. | 5.3 |
| 2023-11-13 | CVE-2023-23684 | Unspecified vulnerability in Wpengine Wpgraphql Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5. | 6.5 |
| 2023-07-11 | CVE-2023-24421 | Cross-Site Request Forgery (CSRF) vulnerability in Wpengine PHP Compatibility Checker Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions. | 8.8 |
| 2019-06-10 | CVE-2019-9881 | Missing Authentication for Critical Function vulnerability in Wpengine Wpgraphql 0.2.3 The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. | 5.3 |
| 2019-06-10 | CVE-2019-9880 | Missing Authentication for Critical Function vulnerability in Wpengine Wpgraphql 0.2.3 An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. | 9.1 |
| 2019-06-10 | CVE-2019-9879 | Missing Authentication for Critical Function vulnerability in Wpengine Wpgraphql 0.2.3 The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. | 9.8 |