cleantalk
Vulnerabilities and Security Researches

WPGraphQL Smart Cache, 67bffa5233e71f0f6e6f08ff3569e436ffd493ff

CVE, Research URL

67bffa5233e71f0f6e6f08ff3569e436ffd493ff

Home page URL

Security reports for WPGraphQL Smart Cache

Application

WPGraphQL Smart Cache

Published on
Dec 12, 2025
Research Description
WPGraphQL Smart Cache [wpgraphql-smart-cache] < 2.0.1 WPGraphQL Smart Cache < 2.0.1 - Unauthenticated Private Content Disclosure The WPGraphQL Smart Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to 2.0.1 (exclusive) via the query endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.
Affected versions
max 2.0.1.
Status
vulnerable
Previous vulnerability researches
Email Inquiry &amp; Cart Options for WooCommerce (CVE-2026-24526) , Jan 27, 2026
New vulnerability
Zoho Flow (CVE-2025-8479) , Apr 25, 2026
Zoho Flow (CVE-2025-59568) , Apr 25, 2026
Sheets to WP Table Live Sync &#8211; WordPress Table Plugin with Google Sheets Integration (CVE-2025-9543) , Apr 25, 2026
GeoDirectory &#8211; WordPress Business Directory Plugin, or Classified Directory (CVE-2025-6200) , Apr 25, 2026
WPeMatico RSS Feed Fetcher (CVE-2025-57937) , Apr 25, 2026