ByteOS Network

CVE Vulnerability Details :

CVE-2025-68604

PUBLISHED

More Info Official Page

Assigner-Patchstack

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-07 May, 2026 | 07:40

Updated At-07 May, 2026 | 07:40

▼CVE Numbering Authority (CNA)

WordPress WPGraphQL plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3.

Affected Products

Vendor

WPGraphQL

Product

WPGraphQL

Collection URL

https://wordpress.org/plugins

Package Name

wp-graphql

Default Status

unaffected

Versions

Affected

From n/a through 2.5.3 (custom)
- -> unaffectedfrom2.5.4

Problem Types

Type	CWE ID	Description
CWE	CWE-352	CWE-352 Cross-Site Request Forgery (CSRF)

Type: CWE

CWE ID: CWE-352

Description: CWE-352 Cross-Site Request Forgery (CSRF)

Metrics

Version	Base score	Base severity	Vector
3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-62	CAPEC-62 Cross Site Request Forgery

CAPEC ID: CAPEC-62

Description: CAPEC-62 Cross Site Request Forgery

Solutions

Update the WordPress WPGraphQL Plugin to the latest available version (at least 2.5.4).

Credits

finder

Nabil Irawan | Patchstack Bug Bounty Program

References

Hyperlink	Resource
https://patchstack.com/database/wordpress/plugin/wp-graphql/vulnerability/wordpress-wpgraphql-plugin-2-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/wordpress/plugin/wp-graphql/vulnerability/wordpress-wpgraphql-plugin-2-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Resource:

vdb-entry

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References