An issue exists in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wpengine wpgraphql 0.2.3 |