cleantalk
Vulnerabilities and Security Researches

WPGraphQL, CVE-2019-9879

CVE, Research URL

CVE-2019-9879

Home page URL

Security reports for WPGraphQL

Application

WPGraphQL

Published on
Jun 10, 2019
Research Description
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.
Affected versions
max 0.3.0.
Status
vulnerable
Previous vulnerability researches
WPGraphQL (CVE-2019-9880) , Jun 06, 2024
WPGraphQL (CVE-2023-23684) , Jun 06, 2024
WPGraphQL (CVE-2019-9881) , Jun 06, 2024
WPGraphQL (CVE-2019-25060) , Jun 06, 2024
WPGraphQL (CVE-2019-9879) , Jun 06, 2024
New vulnerability
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2026-4659) , Apr 18, 2026
WPGraphQL (CVE-2026-33290) , Apr 18, 2026
WPGraphQL (CVE-2026-27938) , Apr 18, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-1054) , Apr 18, 2026
Drag and Drop Multiple File Upload – Contact Form 7 (CVE-2026-5710) , Apr 18, 2026