Description. The plugin does not prevent unauthenticated attackers from enumerating a shop’s coupon codes and values via GraphQL. Proof of Concept.
Read More Google Alert – graphql
WPGraphQL WooCommerce <= 0.11.0 – Unauthenticated Coupon Codes Disclosure