CVE-2019-9880
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible for an unauthenticated attacker to retrieve all WordPress users' details, such as email address, role, and username.
Affected products
n/a · n/a
Public PoCs found — 2
cve_reference · packetstormsecurity.com/files/153025/WordPress-WPGraphQL-0.2.3-Authentication-Bypass-Information-Disclosure.html · unverified
exploitdb · www.exploit-db.com/exploits/46886 · unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/153025/WordPress-WPGraphQL-0.2.3-Authentication-Bypass-Information-Disclosure.html
https://github.com/pentestpartners/snippets/blob/master/wp-graphql0.2.3_exploit.py
https://github.com/wp-graphql/wp-graphql/releases/tag/v0.3.0
https://wpvulndb.com/vulnerabilities/9282
https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql/