CVE-2019-9880
CVE-2019-9880
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 2
cve_referencepacketstormsecurity.com/files/153025/WordPress-WPGraphQL-0.2.3-Authentication-Bypass-Information-Disclosure.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/46886não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://packetstormsecurity.com/files/153025/WordPress-WPGraphQL-0.2.3-Authentication-Bypass-Information-Disclosure.htmlhttps://github.com/pentestpartners/snippets/blob/master/wp-graphql0.2.3_exploit.pyhttps://github.com/wp-graphql/wp-graphql/releases/tag/v0.3.0https://wpvulndb.com/vulnerabilities/9282https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql/