69 matches found
CVE-2015-4465
Cross-site scripting XSS vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Directory traversal
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a loadtemplate action to wp-admin/admin-ajax.php...
CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion]
Exploit Title: CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin Local File Inclusion Date: 2015/06/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://zanematthew.com/ Software Link:...
Pie Register 2.0.14-2.0.15 - Privilege Escalation
User input is not validated correctly when accepting a login request via the Pie Register plugin. It is possible to manipulate posted variables in order to login using an arbitrary User ID such as 1, for the default Administrative account. PoC import requests target="http://localhost" payload =...
Deserialization of untrusted data
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to 1 add a user by uploading a crafted CSV file or 2 activate a user account via a verifyit action...
WordPress Pie Register Plugin 2.0.13 - Privilege Escalation
This vulnerability allows anyone to import CSV file and the plugin import users from this "pie-register\pie-register.php" file. Solution Update to version 2.0.14...
CVE-2013-4954
Multiple cross-site scripting XSS vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 pass1 or 2 pass2...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 pass1 or 2 pass2...
CVE-2013-4954
Multiple cross-site scripting XSS vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 pass1 or 2 pass2...