AIKIDO-2025-10948

wp-graphql/wp-graphql-smart-cache is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere

Exposure of Sensitive System Information to an Unauthorized Control Sphere
Pre-CVE: found by Aikido Intel before public disclosure or CVE publication.
Published Dec 15, 2025

47 (Medium Risk)

This Affects:

PHP: wp-graphql/wp-graphql-smart-cache
Affected versions: 0.1.0 - 2.0.0
Fixed in 2.0.1

TL;DR

Affected versions of this package are vulnerable to Insecure Caching of Authenticated GraphQL Requests. The plugin determined a user's authentication state via is_user_logged_in() after WordPress core had already reset the current user to zero within the same request, so the result was incorrect. An attacker could exploit this by causing an authenticated user (e.g., an administrator) to execute a specific GraphQL query without a nonce, typically via a direct URL containing a particular query. The private response data (like draft posts) is then cached and subsequently served from cache to any unauthenticated visitor.
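
The caching decision described above, modelled in standalone PHP as an added example (not the plugin's code and not the 2.0.1 fix). All class, function and key names are hypothetical, and the model assumes the query resolves before the user is reset and that a hardened check latches the authentication state at request entry.

```php
<?php
// Constructed model of the flaw; none of these names come from the plugin.
final class Request
{
    public int $currentUser;                      // 0 means "no user", as in WordPress
    public readonly bool $arrivedAuthenticated;

    public function __construct(int $userId, public readonly string $query)
    {
        $this->currentUser = $userId;
        // Latched once at entry, so a later reset cannot change it.
        $this->arrivedAuthenticated = $userId !== 0;
    }

    // Stand-in for is_user_logged_in(): reflects only the *current* state.
    public function isUserLoggedIn(): bool
    {
        return $this->currentUser !== 0;
    }
}

// Hypothetical resolver: drafts are visible only to a logged-in user.
function resolve(Request $r): array
{
    $posts = ['published-post'];
    if ($r->isUserLoggedIn()) {
        $posts[] = 'draft-post';
    }
    return $posts;
}

function handle(Request $r, array &$cache, bool $hardened): array
{
    if (!$r->arrivedAuthenticated && isset($cache[$r->query])) {
        return $cache[$r->query];                 // cache hit for an anonymous visitor
    }
    $response = resolve($r);
    $r->currentUser = 0;                          // assumed: reset happens before the cache decision
    // Vulnerable: ask the current state, which now says "logged out".
    // Hardened (assumed approach): use the state latched at request entry.
    $private = $hardened ? $r->arrivedAuthenticated : $r->isUserLoggedIn();
    if (!$private) {
        $cache[$r->query] = $response;
    }
    return $response;
}

foreach ([false, true] as $hardened) {
    $cache = [];
    handle(new Request(1, 'posts'), $cache, $hardened);          // authenticated request
    $anon = handle(new Request(0, 'posts'), $cache, $hardened);  // later anonymous request
    printf("%s: anonymous visitor sees %s\n", $hardened ? 'hardened' : 'vulnerable', implode(', ', $anon));
}
```

In the vulnerable branch the anonymous request is answered from cache and includes the draft; in the hardened branch the authenticated response is never stored, so the anonymous request only sees published content.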

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range (0.1.0 - 2.0.0).

Background info

wp-graphql/wp-graphql-smart-cache is vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere in versions 0.1.0 - 2.0.0.

How to fix this

Upgrade the wp-graphql/wp-graphql-smart-cache library to the patched version (2.0.1).