CVE-2021-47959

EUVD-2021-34814
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloads to trigger server out-of-memory conditions and MySQL connection errors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulnCheckCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
wpgraphqlwpgraphql
1.3.5
CNA
Common Weakness Enumeration
References
https://www.exploit-db.com/exploits/49807
https://www.vulncheck.com/advisories/wordpress-plugin-wpgraphql-denial-of-service
https://www.wpgraphql.com/