2019-06-10 17:32:39
mitre
PUBLISHED
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the users RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.