本ページは wpengine wpgraphql に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2021-47959 | WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloads to trigger server out-of-memory conditions and MySQL connection errors. | [email protected] | 8.7 | 0.45% | 2026-05-15 | 2026-06-17 |
| CVE-2022-1563 | The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL. | [email protected] | 5.3 | 0.72% | 2024-01-16 | 2026-06-17 |
| CVE-2023-23684 | Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5. | [email protected] | 4.4 | 0.36% | 2023-11-12 | 2026-06-17 |
| CVE-2019-9881 | The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. | [email protected] | 5.3 | 18.83% | 2019-06-10 | 2026-06-16 |
| CVE-2019-9880 | An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username. | [email protected] | 9.1 | 34.76% | 2019-06-10 | 2026-06-16 |
| CVE-2019-9879 | The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation. | [email protected] | 9.8 | 46.61% | 2019-06-10 | 2026-06-16 |