Unauthenticated Users Can Bypass Comment Restrictions in WPGraphQL 0.2.3 Plugin

Unauthenticated Users Can Bypass Comment Restrictions in WPGraphQL 0.2.3 Plugin

CVE-2019-9881 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.

Learn more about our Wordpress Pen Testing.