PT-2019-19912 · WordPress · Wpgraphql

·

CVE-2019-9879

·

Published

2019-06-10

·

Updated

2024-01-22

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions WPGraphQL version 0.2.3
Description The issue allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.
Recommendations For WPGraphQL version 0.2.3, update to a version that fixes this issue to prevent remote attackers from registering new users with admin privileges.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2019-9879

Affected Products

Wpgraphql