cleantalk
Vulnerabilities and Security Researches

WPGraphQL, CVE-2019-9881

CVE, Research URL

CVE-2019-9881

Home page URL

Security reports for WPGraphQL

Application

WPGraphQL

Published on
Jun 10, 2019
Research Description
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.
Affected versions
max 0.3.0.
Status
vulnerable
Previous vulnerability researches
WPGraphQL (CVE-2019-9880) , Jun 06, 2024
WPGraphQL (CVE-2023-23684) , Jun 06, 2024
WPGraphQL (CVE-2019-9881) , Jun 06, 2024
WPGraphQL (CVE-2019-25060) , Jun 06, 2024
WPGraphQL (CVE-2019-9879) , Jun 06, 2024
New vulnerability
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2026-4659) , Apr 18, 2026
WPGraphQL (CVE-2026-33290) , Apr 18, 2026
WPGraphQL (CVE-2026-27938) , Apr 18, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-1054) , Apr 18, 2026
Drag and Drop Multiple File Upload – Contact Form 7 (CVE-2026-5710) , Apr 18, 2026