Every CVE whose affected-product data names Wpengine Wpgraphql, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2019-9879 — CVSS 9.8 (critical): The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user…
CVE-2019-9880 — CVSS 9.1 (critical): An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an…
CVE-2019-9881 — CVSS 5.3 (medium): The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even…
CVE-2022-1563 — CVSS 5.3 (medium): The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes…
CVE-2023-23684 — CVSS 4.4 (medium): Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5.