WPGraphQL 0.2.3 - User Creation

Short Info

Level

Critical

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

22 days 19 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

-

The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.

References:

https://github.com/wp-graphql/wp-graphql/releases/tag/v0.3.0
https://github.com/pentestpartners/snippets/blob/master/wp-graphql0.2.3_exploit.py
https://wpscan.com/vulnerability/2d451c89-91ce-4151-b3fb-56af15869644/
https://nvd.nist.gov/vuln/detail/CVE-2019-9879

Get started to protecting your digital assets

Start trial See the plans

WPGraphQL 0.2.3 - User Creation

Short Info

-

Detail

Category