mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-30 04:49:42 +00:00
908 B
908 B
CVE-2019-9880
Description
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.
POC
Reference
- http://packetstormsecurity.com/files/153025/WordPress-WPGraphQL-0.2.3-Authentication-Bypass-Information-Disclosure.html
- https://wpvulndb.com/vulnerabilities/9282
- https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql/