CVE-2025-34077

EUVD-2025-20764 | CRITICAL 10.0 (CVSS 4.0) | Published 2025-07-09

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None

Lifecycle Timeline

Analysis Generated: Mar 16, 2026 - 06:20 (vuln.today)
EUVD ID Assigned: Mar 16, 2026 - 06:20 (euvd), EUVD-2025-20764
PoC Detected: Jul 10, 2025 - 13:18 (vuln.today), public exploit code
CVE Published: Jul 09, 2025 - 01:15 (nvd), CRITICAL 10.0

Description

An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the plugin's login endpoint. By setting social_site=true and supplying a chosen value in the user_id_social_site parameter, an attacker obtains a valid WordPress session cookie for any user ID, including administrators. Once authenticated as an administrator, the attacker can use WordPress's plugin upload feature to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.

Analysis

The Pie Register WordPress plugin versions up to 3.7.1.4 contain an authentication bypass that allows unauthenticated attackers to log in as any user including administrators. By submitting a crafted POST request with social_site=true and a target user_id_social_site value, attackers generate valid WordPress sessions for arbitrary accounts.

Technical Context

The plugin's login endpoint accepts social_site and user_id_social_site parameters that bypass normal password validation. When social_site=true is set, the plugin generates a WordPress session for the user specified by user_id_social_site without verifying any OAuth token or other proof that the social platform actually authenticated that user; the only input that decides which account is logged in is the client-supplied user ID. An attacker only needs to know or guess a valid user ID. WordPress user IDs are small sequential integers, the first administrator account created at install time is typically ID 1, and IDs are frequently discoverable from author archive URLs or the REST API, so guessing is rarely an obstacle.
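The trust pattern described above, as an added schematic example that is not Pie Register's own code: the vulnerable form takes the user ID straight from the request, while the hardened form only ever sets a cookie for a user ID the server itself stored after verifying the social provider's response. The function names, the transient key prefix, the `social_login_state` parameter and the `init` hook are assumptions for illustration; `wp_set_auth_cookie`, `wp_set_current_user`, `set_transient`/`get_transient` and `get_userdata` are standard WordPress functions.

```php
<?php
// Added example, not code from the Pie Register plugin. Schematic reconstruction
// of the vulnerable trust pattern, next to a hardened version.

// --- Vulnerable pattern (do NOT use): the user ID comes straight from the client. ---
function vuln_example_handle_login() {
    if ( isset( $_POST['social_site'] ) && 'true' === $_POST['social_site'] ) {
        $user_id = (int) $_POST['user_id_social_site']; // attacker-controlled
        wp_set_current_user( $user_id );
        wp_set_auth_cookie( $user_id, true );            // session for ANY user ID
        wp_safe_redirect( admin_url() );
        exit;
    }
    // ... normal username/password handling would follow ...
}

// --- Hardened pattern: the user ID is never read from the request. ---
// The OAuth callback (not shown here) verifies the provider's token server-side,
// maps the provider identity to a local user, and calls this function. Only the
// random state value is handed back to the browser; the user ID stays server-side.
function hardened_example_store_verified_login( int $user_id ): string {
    $state = bin2hex( random_bytes( 32 ) );                // 64 hex chars, unguessable
    set_transient( 'example_social_login_' . $state, $user_id, 5 * MINUTE_IN_SECONDS );
    return $state;
}

function hardened_example_handle_login() {
    if ( empty( $_POST['social_login_state'] ) ) {
        return; // not a social login completion; fall through to password auth
    }
    // Normalise and validate the state before using it as a key.
    $state = preg_replace( '/[^a-f0-9]/', '', (string) $_POST['social_login_state'] );
    if ( 64 !== strlen( $state ) ) {
        wp_die( 'Invalid social login state.', '', array( 'response' => 400 ) );
    }
    $key     = 'example_social_login_' . $state;
    $user_id = get_transient( $key );
    delete_transient( $key );                              // single use, even on failure
    if ( false === $user_id || ! get_userdata( (int) $user_id ) ) {
        wp_die( 'Social login could not be verified.', '', array( 'response' => 403 ) );
    }
    // The ID bound to this session was chosen by the server, not by the request.
    wp_set_current_user( (int) $user_id );
    wp_set_auth_cookie( (int) $user_id, false );
    wp_safe_redirect( admin_url() );
    exit;
}
add_action( 'init', 'hardened_example_handle_login' );
```

The point of the hardened version is that no request parameter names a user: the browser can only present a state token, and the server decides which account that token was issued for. Any `user_id_social_site`-style parameter in a login flow is a red flag to look for when reviewing other social-login plugins.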

Affected Products

Pie Register – Social Sites Login <= 3.7.1.4

Remediation

Update Pie Register to a version later than 3.7.1.4 immediately, or remove the plugin if it is not needed. Assume compromise if the plugin was exposed while unpatched: audit WordPress sessions and login records for administrator logins that no legitimate user made, then force logout of all active sessions (rotating the AUTH_KEY/SECURE_AUTH_KEY and salt values in wp-config.php invalidates every existing session cookie at once). Review the installed plugin list and the wp-content/plugins and wp-content/uploads directories for plugins or PHP files that were not deliberately added, and rotate any credentials stored on the site.

Priority Score

Total: 142
KEV: 0
EPSS: +72.4
CVSS: +50
POC: +20
