WPGraphQL 0.2.3 - User Creation

Short Info

Level

Critical

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

11 days 3 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.

References:

https://github.com/wp-graphql/wp-graphql/releases/tag/v0.3.0
https://github.com/pentestpartners/snippets/blob/master/wp-graphql0.2.3_exploit.py
https://wpscan.com/vulnerability/2d451c89-91ce-4151-b3fb-56af15869644/
https://nvd.nist.gov/vuln/detail/CVE-2019-9879

Get started to protecting your digital assets

Start trial See the plans

WPGraphQL 0.2.3 - User Creation

Short Info

Detail

Category