WordPress Plugin WPGraphQL <= 1.3.5 - Denial of Service

The plugin suffers from a Denial of Service vulnerability via field duplication. An expensive query can be built by repeating the same fields many times within a selection set, and the cost is multiplied by sending many such queries in a single request through GraphQL's batching capability.
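As an added defensive illustration (not code from the plugin, WordPress, or WPScan), the following Python snippet shows how a request filter in front of a GraphQL endpoint can score an incoming document for exactly the two factors the advisory names: repeated fields inside one selection set, and the number of operations in a batched request. The tokenizer, the `field_stats` and `check_request` helpers, and the thresholds (`max_fields`, `max_duplicates`, `max_batch`) are assumptions chosen for the example; tune them to the real endpoint's traffic.

```python
import re
from collections import Counter

# Tokens we must recognise in a GraphQL document: strings, comments,
# variables ($x), directives (@x), names, and structural punctuation.
TOKEN_RE = re.compile(
    r'"(?:\\.|[^"\\])*"|#[^\n]*|\$[_A-Za-z]\w*|@[_A-Za-z]\w*|[_A-Za-z]\w*|[{}():]|\S'
)
KEYWORDS = {"query", "mutation", "subscription", "fragment", "on",
            "true", "false", "null"}


def field_stats(query):
    """Return (total_fields, max_duplicates, max_depth) for a GraphQL document.

    max_duplicates is the highest number of times any single field name
    appears within one selection set, i.e. the 'field duplication' factor.
    Simple strings are skipped; block strings (\"\"\"...\"\"\") are not handled.
    """
    tokens = TOKEN_RE.findall(query)
    stack = []            # one Counter per open selection set ('{' ... '}')
    paren = 0             # > 0 while inside an argument or variable list
    total = max_dup = max_depth = 0
    for i, tok in enumerate(tokens):
        if tok[0] in '"#':
            continue                              # string literal or comment
        if tok == "(":
            paren += 1
            continue
        if tok == ")":
            paren -= 1
            continue
        if paren:
            continue                              # arguments are not fields
        if tok == "{":
            stack.append(Counter())
            max_depth = max(max_depth, len(stack))
            continue
        if tok == "}":
            if stack:
                stack.pop()
            continue
        if not stack or tok in KEYWORDS or tok[0] in "$@:":
            continue                              # outside any selection set
        if not re.match(r"[_A-Za-z]", tok):
            continue                              # punctuation such as '.' or ','
        prev = tokens[i - 1] if i else ""
        if prev in ("on", "."):
            continue                              # type condition or fragment spread
        if i + 1 < len(tokens) and tokens[i + 1] == ":":
            continue                              # alias; the real field follows
        stack[-1][tok] += 1
        total += 1
        max_dup = max(max_dup, stack[-1][tok])
    return total, max_dup, max_depth


def check_request(body, max_fields=50, max_duplicates=3, max_batch=5):
    """Accept a parsed JSON request body (dict or list) and decide whether to
    forward it. Returns (allowed, reason)."""
    ops = body if isinstance(body, list) else [body]
    if len(ops) > max_batch:
        return False, f"batch of {len(ops)} operations exceeds limit {max_batch}"
    for n, op in enumerate(ops):
        query = op.get("query", "") if isinstance(op, dict) else ""
        total, dup, _depth = field_stats(query)
        if total > max_fields:
            return False, f"operation {n}: {total} fields exceeds limit {max_fields}"
        if dup > max_duplicates:
            return False, f"operation {n}: field repeated {dup} times exceeds limit {max_duplicates}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample bodies: a normal query, one with a duplicated field,
    # and an oversized batch of otherwise harmless queries.
    normal = {"query": "{ posts { nodes { id title } } }"}
    duplicated = {"query": "{ posts { nodes { title title title title title } } }"}
    big_batch = [{"query": "{ posts { id } }"}] * 6
    for body in (normal, duplicated, big_batch):
        print(check_request(body))
```

The two limits act independently: a modest batch of modest queries is forwarded, while either a single operation with heavy repetition or an oversized batch is rejected before it reaches the resolvers. Logging the returned reason gives a ready-made detection signal for the pattern described above.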

NO known fix.

Removal or replacement strongly suggested.

Details: https://wpscan.com/vulnerability/95cc88c8-18a3-4937-a6a9-8e80c6e859c5
