Security: wp-graphql/wp-graphql
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
updateComment allows low-privileged authenticated users to change comment moderation status (comment_approved) without moderate_comments permissionGHSA-9hc3-mh5h-4fgh published
Mar 18, 2026 by jasonbahlModerate -
Command Injection via Unsanitized GitHub Actions Expression in Release WorkflowGHSA-4q9f-mjxf-rx7x published
Feb 25, 2026 by jasonbahlHigh -
WPGraphQL Plugin <= 1.14.5 is vulnerable to Server Side Request Forgery (SSRF)GHSA-cfh4-7wq9-6pgg published
Jun 30, 2023 by jasonbahlLow
Learn more about advisories related to wp-graphql/wp-graphql in the GitHub Advisory Database