CVE-2019-9881 (wpgraphql)

The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when ‘allow comment’ is disabled.
Source: NIST
CVE-2019-9881 (wpgraphql)