
Rohan Pagey

Rank: #22060 of 53,633
Total CVSS: 10.6
Vulnerabilities: 2 (Medium: 2)
PT-2024-11510
5.3
2024-01-16
WordPress · Wpgraphql Woocommerce · CVE-2022-1563
**Name of the Vulnerable Software and Affected Versions** WPGraphQL WooCommerce WordPress plugin versions prior to 0.12.4

**Description** The issue allows unauthenticated attackers to enumerate a shop's coupon codes and values via GraphQL. This can be done through `GraphQL` endpoints, potentially exposing sensitive information about the shop's coupons.

**Recommendations** For versions prior to 0.12.4, update to version 0.12.4 or later to resolve the issue. As a temporary workaround, consider restricting access to GraphQL endpoints to minimize the risk of exploitation.
PT-2022-8282
5.3
2022-05-09
WordPress · Wpgraphql · CVE-2019-25060
**Name of the Vulnerable Software and Affected Versions** WPGraphQL WordPress plugin versions prior to 0.3.5

**Description** The issue allows a remote attacker to forge a GraphQL query and retrieve the account roles of every user on the site due to improper access restriction to user role information.

**Recommendations** For WPGraphQL WordPress plugin versions prior to 0.3.5, update to version 0.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to GraphQL queries to minimize the risk of exploitation.