13 matches found
CVE-2024-27957
CVE-2024-27957 is an Unauthenticated Arbitrary File Upload in Pie Register (Registration Forms plugin). Affected versions: up to 3.8.3.1. The NVD/Wordfence data confirm a high-severity impact (unrestricted file upload) with no patch status reported in the provided materials; exploitation status n...
CVE-2023-0552
CVE-2023-0552 concerns the WordPress plugin Pie Register (pre-3.8.2.3). The issue is an Open Redirect caused by improper validation of the redirection URL during login and logout. Exploitation would involve an attacker steering a user to a malicious site via the redirect_to parameter, with potent...
CVE-2015-7377
The CVE-2015-7377 vulnerability affects WordPress Pie Register plugin versions before 2.0.19, where an unsanitized invitaion_code parameter in pie-register.php enables reflected XSS. The root cause is improper handling of the GET parameter, allowing injection of arbitrary script/HTML. Impact is r...
CVE-2021-24647
Mode C: The CVE relates to the WordPress Pie Register plugin (before 3.7.1.6). The vulnerability is an unauthenticated arbitrary login via the plugin’s social login flow, allowing an attacker to log in as any user by supplying a user ID or username. The root cause is a flaw in the social login im...
CVE-2021-24239
The CVE-2021-24239 entry affects the WordPress plugin Pie Register prior to version 3.7.0.1. The vulnerability is a reflected Cross-Site Scripting (XSS) in which the plugin does not sanitize the invitaion_code GET parameter when it is output on the Activation Code page, allowing an attacker to in...
CVE-2019-15659
CVE-2019-15659 concerns the WordPress Pie Register plugin. The vulnerability is a SQL injection in the Pie Register plugin prior to 3.1.2 that could allow an attacker to perform arbitrary SQL commands via the affected functionality (invitation codes grid). Public references in the connected docum...
CVE-2021-24731
The Pie Register plugin for WordPress (vulnerable:
CVE-2018-10969
CVE-2018-10969 : SQL injection in the WordPress Pie Register plugin (before 3.0.10) allows remote attackers to execute arbitrary SQL via the invitation codes grid. Affected software: Pie Register plugin for WordPress. Root cause: unparameterized SQL in the invitation codes grid. Impact: attacker ...
CVE-2019-1010207
Genetechsolutions Pie Register 3.0.15 is affected by Cross Site Scripting (XSS) in the Login component (parameters: interim-login, wp-lang, and supplied URL). The issue allows an attacker to steal session cookies if a user clicks a malicious link; root cause is insufficient validation of client-s...
CVE-2022-4024
The CVE-2022-4024 issue affects the Registration Forms WordPress plugin prior to version 3.8.1.3. It allows unauthenticated attackers to delete arbitrary users (and their posts) via an init action handler due to missing authorization checks and CSRF protection. The vulnerability is evidenced acro...
CVE-2015-7682
CVE-2015-7682 concerns the Pie Register WordPress plugin (version 2.0.18 or earlier). The connected sources confirm two blind SQL injection vulnerabilities in pie-register/pie-register.php, exploitable via POST parameters: “select_invitaion_code_bulk_option” and “invi_del_id” on the pie-invitatio...
CVE-2024-13818
CVE-2024-13818 affects the WordPress plugin “Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction.” Technical details in connected documents show the vulnerability is an exposure of potentially sensitive user data v...
CVE-2014-8802
CVE-2014-8802 affects the WordPress Pie Register plugin, specifically versions before 2.0.14. The issue arises from inadequate access control in pie-register.php, allowing remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action. Expl...