Vulnerable Plugins
There are fifteen issues this week, with five unfixed. The most critical is in WPGraphQL, where the reported vulnerabilities make it possible to:
- Create administrative users
- Post comments on articles bypassing article restrictions and global moderation
- Retrieve content of password-protected posts/articles/pages
- Retrieve full list of registered users in the platform
- Retrieve full list of media, comments, themes and plugins with one simple request
These vulnerabilities were discovered by PenTestPartners and have been patched in version 0.3.0.