Skip to main content

Pie Register CVE-2019-15659

CRITICAL
SQL Injection (CWE-89)
2019-08-27 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 27, 2019 - 12:15 nvd
CRITICAL 9.8

DescriptionNVD

The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969.

AnalysisAI

The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. Affected products include: Genetechsolutions Pie Register. Version information: before 3.1.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2021-24731 CRITICAL POC
9.8 Nov 08

The Registration Forms - User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPres

CVE-2018-10969 CRITICAL POC
9.8 Jun 17

SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute ar

CVE-2021-24647 HIGH POC
8.1 Nov 08

The Registration Forms - User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPres

CVE-2014-8802 MEDIUM POC
5.0 Jan 23

The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-regist

CVE-2015-7682 MEDIUM POC
6.5 Oct 16

Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for Wor

CVE-2022-4024 MEDIUM POC
6.5 Dec 19

The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an i

CVE-2024-27957 CRITICAL
10.0 Mar 17

Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.8.3.1. Rated critical severity (CVSS 10.0)

CVE-2021-24239 MEDIUM POC
6.1 Apr 22

The Pie Register - User Registration Forms. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable

CVE-2015-7377 MEDIUM POC
4.3 Oct 16

Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for W

CVE-2023-0552 MEDIUM POC
5.4 Feb 27

The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in an

CVE-2026-10530 MEDIUM POC
5.3 Jun 22

Pie Register WordPress plugin versions before 3.8.4.10 generates account verification tokens with insufficient randomnes

CVE-2013-4954 LOW POC
2.6 Jul 29

Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before

Share

CVE-2019-15659 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy