WPGraphQL WooCommerce <= 0.11.0 – Unauthenticated Coupon Codes Disclosure


Description. The plugin does not prevent unauthenticated attackers from enumerating a shop’s coupon codes and values via GraphQL.

Proof of Concept.

 
