CVE-2026-40762

HIGH7.5JSON export Create alert

Description

Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

Low

Affected products

WPGraphQL / WPGraphQLn/a – 2.11.1

References

MISChttps://patchstack.com/database/wordpress/plugin/wp-graphql/vulnerability/wordpress-wpgraphql-plugin-2-11-1-sql-injection-vulnerability?_s_id=cve