Vulnerabilities and security researches forwpgraphql-smart-cache wpgraphql-smart-cache

Apr 25, 2026

CVE, Research URL: 67bffa5233e71f0f6e6f08ff3569e436ffd493ff
Home page URL: Security reports for WPGraphQL Smart Cache
Application: WPGraphQL Smart Cache
Date: Dec 12, 2025
Research Description: WPGraphQL Smart Cache [wpgraphql-smart-cache] < 2.0.1 WPGraphQL Smart Cache < 2.0.1 - Unauthenticated Private Content Disclosure The WPGraphQL Smart Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to 2.0.1 (exclusive) via the query endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.
Affected versions: max 2.0.1.
Status: vulnerable