Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-25060 | 1 Wpgraphql | 1 Wpgraphql | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site. |