PT-2019-19912 · WordPress · Wpgraphql
Simone Q · Published 2019-06-10 · Updated 2024-01-22 · CVE-2019-9879
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WPGraphQL version 0.2.3
Description
The issue allows remote attackers to register a new user with admin privileges whenever new user registrations are allowed. This is related to the registerUser mutation.
Recommendations
For WPGraphQL version 0.2.3, update to a version that fixes this issue to prevent remote attackers from registering new users with admin privileges.
Exploit
Fix
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Wpgraphql