Simone Q

**Name of the Vulnerable Software and Affected Versions** WPGraphQL version 0.2.3 **Description** The issue allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the `registerUser` mutation. **Recommendations** For WPGraphQL version 0.2.3, update to a version that fixes this issue to prevent remote attackers from registering new users with admin privileges.

**Name of the Vulnerable Software and Affected Versions** WPGraphQL version 0.2.3 **Description** The issue allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled, through the createComment mutation. **Recommendations** For WPGraphQL version 0.2.3, consider disabling the createComment mutation until a patch is available to prevent unauthorized comment posting.