PatchSiren

WPGraphQL CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH WPGraphQL CVE published 2026-06-15

CVE-2026-40762

CVE-2026-40762 is a high-severity vulnerability with a CVSS score of 7.5. It affects WPGraphQL plugin versions prior to 2.11.1 and allows unauthenticated SQL injection. The CVE was published on 2026-06-15.

HIGH WPGraphQL CVE published 2026-05-15

CVE-2021-47959

CVE-2021-47959 is a high-severity denial-of-service issue in WPGraphQL 1.3.5. According to the supplied record, an unauthenticated attacker can send batched GraphQL queries with duplicated fields to exhaust server resources, leading to out-of-memory conditions and MySQL connection errors. The supplied CVE record was published on 2026-05-15 and modified on 2026-05-18.