← back
CVE-2019-9880

CVE-2019-9880

EPSS 34.8%◆ VulnCheck KEV
Vexday Risk Score
72High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 34.8%KEV nãoPoC públicaNuclei simMetasploit Patch
Lifecycle
21 May 2019Public PoC
10 Jun 2019Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.