What is CVE-2019-9880?

CVE-2019-9880 is a vulnerability in N/a. Published 2019-06-10.

Is CVE-2019-9880 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-9880

An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.

EPSS: 0.729 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

wpvulndb.com/vulnerabilities/9282 (x_refsource_MISC)
packetstormsecurity.com/files/153025/WordPress-WPGraphQL-0.2.3-Authentication-B… (x_refsource_MISC)
www.pentestpartners.com/security-blog/pwning-wordpress-graphql/ (x_refsource_MISC)
github.com/pentestpartners/snippets/blob/master/wp-graphql0.2.3_exploit.py (x_refsource_MISC)
github.com/wp-graphql/wp-graphql/releases/tag/v0.3.0 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-9880?: CVE-2019-9880 is a vulnerability in N/a. Published 2019-06-10.
Is CVE-2019-9880 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.