Unauthenticated Users Can Bypass Comment Restrictions in WPGraphQL 0.2.3 Plugin
CVE-2019-9881 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:N
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.
Learn more about our Wordpress Pen Testing.