Vulnerabilities > Wpengine > Wpgraphql > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2022-1563 Unspecified vulnerability in Wpengine Wpgraphql
The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL.
network
low complexity
wpengine
5.3
2023-11-13 CVE-2023-23684 Unspecified vulnerability in Wpengine Wpgraphql
Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5.
network
low complexity
wpengine
6.5
2019-06-10 CVE-2019-9881 Missing Authentication for Critical Function vulnerability in Wpengine Wpgraphql 0.2.3
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.
network
low complexity
wpengine CWE-306
5.3