CVE-2019-9879

CRITICAL · EXPLOITED IN THE WILD · NUCLEI

WPGraphQL 0.2.3 - Unauthenticated User Registration with Admin Privileges via registerUser Mutation

Title source: llm

Exploitation Summary

CVE-2019-9879 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit. A Nuclei detection template is also available.

AI-analyzed exploit summary: This Python script exploits multiple vulnerabilities in wp-graphql <= 0.2.3, including unauthorized user registration as admin and posting comments as arbitrary users. It interacts with the GraphQL endpoint to perform these actions without authentication.

Description

The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.

Exploits (1)

exploitdb WORKING POC
python · webapps · php
https://www.exploit-db.com/exploits/46886

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: wp-graphql <= 0.2.3 (WordPress plugin)
No auth needed
Prerequisites: Access to the GraphQL endpoint · WordPress with wp-graphql plugin <= 0.2.3
devstral-2 · analyzed Feb 19, 2026

Nuclei Templates (1)

WPGraphQL 0.2.3 - User Creation
CRITICAL · by DhiyaneshDk
FOFA: body="/wp-content/plugins/wp-graphql/"

Scores

CVSS v3 9.8
EPSS 0.4661
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2021-04-12
InTheWild.io 2021-04-12
CWE CWE-306
Status published
Products (1)
wpengine/wpgraphql 0.2.3
Published Jun 10, 2019
Tracked Since Feb 18, 2026