cleantalk
Vulnerabilities and Security Researches

WPGraphQL, CVE-2021-47959

CVE, Research URL

CVE-2021-47959

Home page URL

Security reports for WPGraphQL

Application

WPGraphQL

Published on
May 16, 2026
Research Description
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloads to trigger server out-of-memory conditions and MySQL connection errors.
Affected versions
max 1.3.5.
Status
vulnerable
Previous vulnerability researches
Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) (CVE-2025-22710) , Jan 19, 2025
Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) (CVE-2024-49687) , Oct 24, 2024
Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) (CVE-2024-0566) , Jun 07, 2024
Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) (54ee094a291c85ad46e95bf98a3a744d98443fda) , Jun 07, 2024
New vulnerability
WPGraphQL (CVE-2021-47959) , May 16, 2026
Smartcat Integration for WPML (CVE-2026-4683) , May 16, 2026
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2026-6929) , May 16, 2026
Woocommerce Support System (CVE-2025-14033) , May 16, 2026
MW WP Form (CVE-2026-6206) , May 16, 2026