PatchSiren cyber security CVE debrief
CVE-2026-40762 WPGraphQL CVE debrief
CVE-2026-40762 is a HIGH severity vulnerability with a CVSS score of 7.5. It affects WPGraphQL plugin versions prior to 2.11.1, allowing unauthenticated SQL injection attacks. The vulnerability was published on 2026-06-15 and last modified on 2026-06-15.
- Vendor: WPGraphQL
- Product: Unknown
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of WPGraphQL plugin versions prior to 2.11.1 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by an unauthenticated SQL injection weakness in WPGraphQL plugin versions prior to 2.11.1. This weakness is classified as CWE-89.
Defensive priority
HIGH
Recommended defensive actions
- Update WPGraphQL plugin to version 2.11.1 or later.
- Refer to [ref-4] for mitigation or vendor reference.
Evidence notes
The vendor and product information is currently unknown. The CVE record was obtained from [cve-org] and additional details from [nvd].
Official resources
- CVE-2026-40762 CVE record (CVE.org)
- CVE-2026-40762 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-40762 was published on 2026-06-15T21:16:49.117Z and last modified on 2026-06-15T21:24:32.790Z.