Description
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-9881
- https://github.com/pentestpartners/snippets/blob/master/wp-graphql0.2.3_exploit.py
- https://github.com/wp-graphql/wp-graphql/releases/tag/v0.3.0
- https://wpvulndb.com/vulnerabilities/9282
- https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql
- http://packetstormsecurity.com/files/153025/WordPress-WPGraphQL-0.2.3-Authentication-Bypass-Information-Disclosure.html
Related vulnerabilities
CVSS3: 5.3
nvd
more than 6 years ago
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.