本頁列出影響 wpengine wpgraphql 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2022-1563 | The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL. | [email protected] | 5.3 | 0.72% | 2024-01-16 | 2025-06-20 |
| CVE-2023-23684 | Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5. | [email protected] | 4.4 | 0.36% | 2023-11-13 | 2026-04-28 |
| CVE-2019-9881 | The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. | [email protected] | 5.3 | 18.83% | 2019-06-10 | 2024-11-21 |
| CVE-2019-9880 | An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username. | [email protected] | 9.1 | 34.76% | 2019-06-10 | 2024-11-21 |
| CVE-2019-9879 | The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation. | [email protected] | 9.8 | 46.61% | 2019-06-10 | 2024-11-21 |