
69 matches found

Positive Technologies
added 2023/05/27 12:0 a.m. · 7 views

PT-2023-3468 · WordPress · Wordpress Social Login/Register

Name of the Vulnerable Software and Affected Versions: WordPress Social Login and Register plugin versions up to and including 7.6.4 Description: The issue is related to an authentication bypass in the WordPress Social Login and Register plugin. This is due to insufficient encryption on the user...

9.8 CVSS · 9.5 AI score · 0.4465 EPSS
Exploits 4 · References 15

NVD
added 2023/04/15 8:15 a.m. · 16 views

CVE-2023-2027

The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to...

9.8 CVSS · 9.7 AI score · 0.00989 EPSS
Exploits 0 · References 2

Patchstack
added 2023/02/28 12:0 a.m. · 12 views

WordPress Pie Register Plugin < 3.8.1.3 is vulnerable to Arbitrary Content Deletion

Software: Pie Register; Type: Plugin; Vulnerable versions: < 3.8.1.3; Fixed in: 3.8.1.3; OWASP Top 10: A1: Injection; Classification: Arbitrary Content Deletion; CVE: CVE-2022-4024; Patch priority: High; CVSS severity: High (8.2); PSID: 837f46e8cf1c; Credits: cydave; Required privilege...

6.5 CVSS · 7.2 AI score · 0.00334 EPSS
Exploits 2 · References 4 · Affected Software 1

Vulnrichment
added 2023/02/27 3:24 p.m. · 7 views

CVE-2023-0552 Pie Register < 3.8.2.3 - Open Redirect

The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability...

6.6 AI score · 0.24263 EPSS
Exploits 2 · References 1

Patchstack
added 2023/01/27 12:0 a.m. · 12 views

WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.5.14 is vulnerable to Broken Access Control

Software: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn); Type: Plugin; Vulnerable versions: <= 7.5.14; Fixed in: 7.6.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-24375; Patch priority: Low; CVSS severity: Low (3.5)...

6.5 AI score · 0.00423 EPSS
Exploits 0 · References 2 · Affected Software 1

WPVulnDB
added 2022/11/28 12:0 a.m. · 20 views

Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion

The plugin does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts PoC Invoke the following curl command to delete the user user id 2 curl https://example.com/wp-admin/admin-ajax.php...

6.5 CVSS · 3.8 AI score · 0.00334 EPSS
Exploits 2 · Affected Software 1

CNNVD
added 2021/11/08 12:0 a.m. · 5 views

WordPress plugin authorization issue vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress Pie Register plugin prior to version 3.7.1.6, whi...

8.1 CVSS · 5.6 AI score · 0.08377 EPSS
Exploits 3 · References 2

wpexploit
added 2021/10/11 12:0 a.m. · 189 views

Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

The plugin has a flaw in the social login implementation, allowing an unauthenticated attacker to log in as any user on the site by only knowing their user ID or username. /pie-register-login/ is the login page of the plugin, ie the one with pieregisterlogin v 3.7.1.5 POST /pie-register-login/ HTTP/1....

8.1 CVSS · 1.6 AI score · 0.08377 EPSS
Exploits 3

OSV
added 2021/04/22 9:15 p.m. · 2 views

CVE-2021-24239

The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin before 3.7.0.1 does not sanitise the invitaioncode GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue...

6.1 CVSS · 6.4 AI score · 0.01602 EPSS
Exploits 2 · References 2

CNVD
added 2019/08/29 12:0 a.m. · 3 views

WordPress pie-register plugin SQL injection vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. pie-register is a plugin for user registration and login form customization. A SQL injection vulnerability exists in WordPress...

9.8 CVSS · 8 AI score · 0.01869 EPSS
Exploits 0 · References 1

OSV
added 2019/08/27 12:15 p.m. · 2 views

CVE-2019-15659

The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969...

9.8 CVSS · 7.3 AI score
Exploits 0 · References 2

Patchstack
added 2018/06/20 12:0 a.m. · 7 views

WordPress Pie Register plugin <= 3.0.9 - Authenticated Blind SQL Injection (SQLi) vulnerability

Authenticated Blind SQL Injection (SQLi) vulnerability found by Manuel Garcia Cardenas in WordPress Pie Register plugin versions <= 3.0.9. Solution: Update the WordPress Pie Register plugin to the latest available version (at least 3.0.10)...

4.4 AI score
Exploits 0 · References 1 · Affected Software 1

OSV
added 2018/06/17 4:29 p.m. · 3 views

CVE-2018-10969

SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid...

9.8 CVSS · 6.1 AI score · 0.0533 EPSS
Exploits 5 · References 2

NVD
added 2018/06/17 4:29 p.m. · 23 views

CVE-2018-10969

SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid...

9.8 CVSS · 10 AI score · 0.0533 EPSS
Exploits 5 · References 2

Prion
added 2018/06/17 4:29 p.m. · 12 views

SQL injection

SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid...

7.5 CVSS · 9.9 AI score · 0.0533 EPSS
Exploits 5 · References 2 · Affected Software 1

CVE
added 2018/06/17 4:0 p.m. · 68 views

CVE-2018-10969

CVE-2018-10969: SQL injection in the WordPress Pie Register plugin (before 3.0.10) allows remote attackers to execute arbitrary SQL via the invitation codes grid. Affected software: Pie Register plugin for WordPress. Root cause: unparameterized SQL in the invitation codes grid. Impact: attacker ...

9.8 CVSS · 9.9 AI score · 0.0533 EPSS
Exploits 5 · References 2 · Affected Software 1

CNVD
added 2018/06/15 12:0 a.m. · 5 views

WordPress Pie Register Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Pie Register plugin, which can be exploited by attackers to obtain...

9.8 CVSS · 7.7 AI score · 0.0533 EPSS
Exploits 5 · References 1

Prion
added 2015/10/16 8:59 p.m. · 16 views

SQL injection

Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1) selectinvitaioncodebulkoption or (2) invidelid parameter in the pie-invitation-codes page to...

6.5 CVSS · 9.2 AI score · 0.01383 EPSS
Exploits 3 · References 4 · Affected Software 1

Cvelist
added 2015/10/16 8:0 p.m. · 37 views

CVE-2015-7377

Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaioncode parameter in a pie-register page to the default URI...

5.7 AI score · 0.04405 EPSS
Exploits 3 · References 4

CNVD
added 2015/10/13 12:0 a.m. · 5 views

WordPress Pie Register Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed using the PHP language and Pie Register is one of the plugins. A SQL injection vulnerability exists in the Pie Register plugin in WordPress. An attacker can exploit this vulnerability to obtain sensitive information...

6.5 CVSS · 7.7 AI score · 0.01383 EPSS
Exploits 3 · References 1