An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.
History

Fri, 15 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-06-10T17:32:39

Updated: 2024-11-15T15:18:44.814Z

Reserved: 2019-03-19T00:00:00

Link: CVE-2019-9880

cve-icon Vulnrichment

Updated: 2024-08-04T22:01:55.205Z

cve-icon NVD

Status : Modified

Published: 2019-06-10T18:29:01.143

Modified: 2024-11-21T04:52:29.867

Link: CVE-2019-9880

cve-icon Redhat

No data.