{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/wpgraphql-1.3.5/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2021-47959"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["WPGraphQL 1.3.5"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","wordpress","graphql"],"_cs_type":"threat","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe WPGraphQL plugin, version 1.3.5, for WordPress is susceptible to a denial-of-service (DoS) vulnerability. This vulnerability allows unauthenticated attackers to send specially crafted GraphQL queries to exhaust server resources. By sending batched queries with duplicated fields in POST requests to the GraphQL endpoint, attackers can amplify the load on the server, leading to out-of-memory conditions and MySQL connection errors. This can disrupt the availability of the WordPress site, impacting legitimate users. This vulnerability was published in CVE details in 2021.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a WordPress site using WPGraphQL plugin version 1.3.5.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious GraphQL query containing batched queries with duplicated fields.\u003c/li\u003e\n\u003cli\u003eThe malicious query is sent as a POST request to the \u003ccode\u003e/graphql\u003c/code\u003e endpoint of the target WordPress site.\u003c/li\u003e\n\u003cli\u003eThe WPGraphQL plugin processes the query, resulting in excessive memory consumption due to the duplicated fields.\u003c/li\u003e\n\u003cli\u003eThe server attempts to allocate more memory to handle the query processing.\u003c/li\u003e\n\u003cli\u003eRepeated requests of this nature eventually lead to an out-of-memory (OOM) condition on the server.\u003c/li\u003e\n\u003cli\u003eThe MySQL server, supporting the WordPress site, experiences connection errors due to resource exhaustion.\u003c/li\u003e\n\u003cli\u003eThe WordPress site becomes unavailable to legitimate users due to the denial-of-service condition.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability leads to a denial-of-service condition, rendering the WordPress site unavailable. The attack exhausts server resources, potentially causing MySQL connection errors and affecting legitimate users\u0026rsquo; access to the website. The number of affected websites depends on the prevalence of WPGraphQL plugin version 1.3.5.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect WPGraphQL Denial of Service Attack\u003c/code\u003e to your SIEM to identify potential exploitation attempts by monitoring for POST requests to \u003ccode\u003e/graphql\u003c/code\u003e containing excessive query length.\u003c/li\u003e\n\u003cli\u003eFilter web server logs for HTTP POST requests with large payloads to the \u003ccode\u003e/graphql\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eConsider rate limiting POST requests to the \u003ccode\u003e/graphql\u003c/code\u003e endpoint to mitigate potential DoS attacks.\u003c/li\u003e\n\u003cli\u003eUpgrade to a patched version of the WPGraphQL plugin to remediate CVE-2021-47959.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-15T19:23:38Z","date_published":"2026-05-15T19:23:38Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2021-47959-wpgraphql-dos/","summary":"The WordPress Plugin WPGraphQL version 1.3.5 is vulnerable to a denial-of-service attack where unauthenticated attackers can exhaust server resources by sending batched GraphQL queries with duplicated fields, potentially causing server out-of-memory conditions and MySQL connection errors.","title":"CVE-2021-47959: WPGraphQL Plugin Denial of Service via Batched Queries","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2021-47959-wpgraphql-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — WPGraphQL 1.3.5","version":"https://jsonfeed.org/version/1.1"}