cleantalk
Vulnerabilities and Security Researches

WPGraphQL, CVE-2019-25060

CVE, Research URL

CVE-2019-25060

Home page URL

Security reports for WPGraphQL

Application

WPGraphQL

Published on
May 09, 2022
Research Description
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site.
Affected versions
max 0.3.0.
Status
vulnerable
Previous vulnerability researches
WPGraphQL (CVE-2019-9880) , Jun 06, 2024
WPGraphQL (CVE-2023-23684) , Jun 06, 2024
WPGraphQL (CVE-2019-9881) , Jun 06, 2024
WPGraphQL (CVE-2019-25060) , Jun 06, 2024
WPGraphQL (CVE-2019-9879) , Jun 06, 2024
New vulnerability
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2026-4659) , Apr 18, 2026
WPGraphQL (CVE-2026-33290) , Apr 18, 2026
WPGraphQL (CVE-2026-27938) , Apr 18, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-1054) , Apr 18, 2026
Drag and Drop Multiple File Upload – Contact Form 7 (CVE-2026-5710) , Apr 18, 2026