WPGraphQL

Vulnerabilities 11Slug wp-graphqlLatest version 2.13.0WordPress.org →

Minimum safe version

2.11.1

Update to 2.11.1 or later to address 11 fixable vulnerabilities

Latest available2.13.0 ✓

Medium 5.4

2026-05-07< 2.5.4

CVE-2025-68604

CVE Patchstack

N/A

2026-04-21< 2.11.1

WPGraphQL < 2.11.1 - Unauthenticated SQL Injection

Wordfence CVE

Medium 4.3

2026-03-24< 2.10.0

WPGraphQL <= 2.9.1 - Missing Authorization

Wordfence CVE

High 7.7

2026-02-26< 2.9.1

CVE-2026-27938

CVE

Medium 4.4

2023-11-13< 1.14.6

CVE-2023-23684

CVE Patchstack Wordfence WPScan

N/A

2019-05-22< 0.3.0

WordPress WPGraphQL plugin <= 0.2.3 - Multiple Vulnerabilities

Patchstack

N/A

2021-04-27< 1.3.6

WPGraphQL <= 1.3.5 - Denial of Service

Wordfence Patchstack CVE WPScan

Medium 5.3

2022-05-09< 0.3.5

CVE-2019-25060

CVE Wordfence WPScan

Medium 5.3

2019-06-10< 0.3.0

CVE-2019-9881

CVE Wordfence WPScan

Critical 9.1

2019-06-10< 0.3.0

CVE-2019-9880

CVE Wordfence

Critical 9.8

2019-06-10< 0.3.0

CVE-2019-9879

CVE Wordfence