Unauthenticated User Data Disclosure in WPGraphQL Plugin

Unauthenticated User Data Disclosure in WPGraphQL Plugin

CVE-2019-9880 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.

Learn more about our Wordpress Pen Testing.