Skip to main content

Pie Register

14 CVEs product

Monthly

CVE-2026-10530 MEDIUM POC PATCH This Month

Pie Register WordPress plugin versions before 3.8.4.10 generates account verification tokens with insufficient randomness, enabling unauthenticated remote attackers to predict or enumerate valid tokens and activate registered accounts without receiving the associated verification email. This effectively bypasses the email-as-ownership-proof step in the registration flow, allowing account takeover of any pending registration. A publicly available exploit exists per WPScan; SSVC flags the attack as automatable with partial technical impact, though no confirmed active exploitation appears in CISA KEV at time of analysis.

Information Disclosure WordPress Pie Register
NVD WPScan VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-27957 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.8.3.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Pie Register
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2023-0552 MEDIUM POC THREAT This Month

The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Pie Register
NVD WPScan
CVSS 3.1
5.4
EPSS
24.3%
CVE-2022-4024 MEDIUM POC This Month

The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Pie Register
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-24731 CRITICAL POC Act Now

The Registration Forms - User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Pie Register
NVD WPScan
CVSS 3.1
9.8
EPSS
7.5%
CVE-2021-24647 HIGH POC This Week

The Registration Forms - User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Pie Register
NVD WPScan
CVSS 3.1
8.1
EPSS
8.4%
CVE-2021-24239 MEDIUM POC PATCH This Month

The Pie Register - User Registration Forms. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Pie Register
NVD WPScan
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-15659 CRITICAL Act Now

The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Pie Register
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-1010207 MEDIUM This Month

Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pie Register
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-10969 CRITICAL POC Act Now

SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Pie Register
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
5.3%
CVE-2015-7682 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Pie Register
NVD GitHub
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-7377 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Pie Register
NVD GitHub
CVSS 2.0
4.3
EPSS
5.8%
CVE-2014-8802 MEDIUM POC This Month

The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation PHP Pie Register
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.0%
CVE-2013-4954 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password". Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Pie Register
NVD Exploit-DB
CVSS 2.0
2.6
EPSS
8.4%
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Pie Register WordPress plugin versions before 3.8.4.10 generates account verification tokens with insufficient randomness, enabling unauthenticated remote attackers to predict or enumerate valid tokens and activate registered accounts without receiving the associated verification email. This effectively bypasses the email-as-ownership-proof step in the registration flow, allowing account takeover of any pending registration. A publicly available exploit exists per WPScan; SSVC flags the attack as automatable with partial technical impact, though no confirmed active exploitation appears in CISA KEV at time of analysis.

Information Disclosure WordPress Pie Register
NVD WPScan VulDB
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.8.3.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Pie Register
NVD
EPSS 24% CVSS 5.4
MEDIUM POC THREAT This Month

The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Pie Register
NVD WPScan
EPSS 0% CVSS 6.5
MEDIUM POC This Month

The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Pie Register
NVD WPScan
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

The Registration Forms - User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Pie Register
NVD WPScan
EPSS 8% CVSS 8.1
HIGH POC This Week

The Registration Forms - User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Pie Register
NVD WPScan
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

The Pie Register - User Registration Forms. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Pie Register
NVD WPScan
EPSS 2% CVSS 9.8
CRITICAL Act Now

The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Pie Register
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pie Register
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Pie Register
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP +1
NVD GitHub
EPSS 6% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP +1
NVD GitHub
EPSS 8% CVSS 5.0
MEDIUM POC This Month

The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation PHP +1
NVD Exploit-DB
EPSS 8% CVSS 2.6
LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password". Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy