cleantalk
Vulnerabilities and Security Researches

WPGraphQL Smart Cache, 67bffa5233e71f0f6e6f08ff3569e436ffd493ff

CVE, Research URL

67bffa5233e71f0f6e6f08ff3569e436ffd493ff

Home page URL

Security reports for WPGraphQL Smart Cache

Application

WPGraphQL Smart Cache

Published on
Dec 12, 2025
Research Description
WPGraphQL Smart Cache [wpgraphql-smart-cache] < 2.0.1 WPGraphQL Smart Cache < 2.0.1 - Unauthenticated Private Content Disclosure The WPGraphQL Smart Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to 2.0.1 (exclusive) via the query endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.
Affected versions
max 2.0.1.
Status
vulnerable
Previous vulnerability researches
Leadinfo (CVE-2025-48271) , Jun 04, 2025
Leadinfo (CVE-2024-32112) , Jun 07, 2024
New vulnerability
a3 Lazy Load (CVE-2025-9873) , Apr 25, 2026
Brizy &#8211; Page Builder (CVE-2025-0969) , Apr 25, 2026
GHL Wizard (CVE-2025-5483) , Apr 25, 2026
BetterDocs – Best Documentation, FAQ &amp; Knowledge Base Plugin with AI Support (CVE-2026-6393) , Apr 25, 2026
Pronamic Google Maps (CVE-2025-9352) , Apr 25, 2026