Approved changes feed: RSS · Atom

cpe:2.3:a:wpengine:wpgraphql:1.3.5:*:*:*:*:*:*:*

part: a version: 1.3.5 update: *

VendorWpengine (e497888d-6961-5f9a-82ea-2da6d8712318)
ProductWpgraphql (78481cae-9926-5f59-a9aa-f08c90b5e3c3)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2021-47959 vulnerable 2026-06-08 05:38:07.994538 WordPress Plugin WPGraphQL 1.3.5 Denial of Service
HIGH (7.5)
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloads to trigger server out-of-memory conditions and MySQL connection errors.
Published: 2026-05-15T18:36:28.171Z
Updated: 2026-05-15T21:14:26.041Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.