cleantalk
Vulnerabilities and Security Researches

WPGraphQL, CVE-2019-9880

CVE, Research URL

CVE-2019-9880

Home page URL

Security reports for WPGraphQL

Application

WPGraphQL

Published on
Jun 10, 2019
Research Description
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.
Affected versions
max 0.3.0.
Status
vulnerable
Previous vulnerability researches
WPGraphQL (CVE-2019-9880) , Jun 06, 2024
WPGraphQL (CVE-2023-23684) , Jun 06, 2024
WPGraphQL (CVE-2019-9881) , Jun 06, 2024
WPGraphQL (CVE-2019-25060) , Jun 06, 2024
WPGraphQL (CVE-2019-9879) , Jun 06, 2024
New vulnerability
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2026-4659) , Apr 18, 2026
WPGraphQL (CVE-2026-33290) , Apr 18, 2026
WPGraphQL (CVE-2026-27938) , Apr 18, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-1054) , Apr 18, 2026
Drag and Drop Multiple File Upload – Contact Form 7 (CVE-2026-5710) , Apr 18, 2026