CVE-2022-1563

Source
https://cve.org/CVERecord?id=CVE-2022-1563
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1563.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1563
Published
2024-01-16T15:50:08.325Z
Modified
2026-07-15T01:48:52.390414738Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure
Details

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1563.json",
    "cna_assigner": "WPScan"
}
References

Affected packages

Git / github.com/wp-graphql/wp-graphql

Affected ranges

Type
GIT
Repo
https://github.com/wp-graphql/wp-graphql
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "cpe": "cpe:2.3:a:wpengine:wpgraphql:*:*:*:*:*:wordpress:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.12.3"
        }
    ]
}
Type
GIT
Repo
https://github.com/wp-graphql/wp-graphql-woocommerce
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.12.4"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

0.*
0.0.2
0.0.3
0.0.5
Other
list
v0.*
v0.0-beta
v0.0.10
v0.0.11
v0.0.12
v0.0.13
v0.0.14
v0.0.15
v0.0.16
v0.0.18
v0.0.20
v0.0.21
v0.0.22
v0.0.23
v0.0.24
v0.0.25
v0.0.26
v0.0.27
v0.0.28
v0.0.29
v0.0.30
v0.0.31
v0.0.32
v0.0.33
v0.0.34
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.11.0
v0.11.1
v0.11.2
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.3.0
v0.3.01
v0.3.2
v0.3.3
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.7.0
v0.7.1
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.9.0
v0.9.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1563.json"