Without authorisation, weak access controls allow us to: * Create administrative users * Post comments on articles bypassing article restrictions and global moderation * Retrieve content of password-protected posts/articles/pages * Retrieve full list of registered users in the platform * Retrieve full list of media, comments, themes and plugins with one simple request The test was performed locally using WordPress 5.1.1 and WPGraphQL 0.2.3
MULTI
Simone Quatrini
Simone Quatrini
No
2019-05-08 (about 4 years ago)
2019-05-21 (about 4 years ago)
2020-09-22 (about 2 years ago)