Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total8
Critical3
High2
Medium3
Reset
Showing 1-8 of 8 records
Threat Entry Updated 2025-07-10

CVE-2025-34077 - Pie Register Plugin

An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.

PLUGIN Pie Register

CVE-2025-34077

CRITICAL CVSS 10.0 2025-07-09
Open Full Technical Breakdown
Threat Entry Updated 2025-02-25

CVE-2024-13818 - Pie Register Plugin

The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3.9 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.

PLUGIN Pie Register

CVE-2024-13818

MEDIUM CVSS 5.3 2025-02-21
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-6069 - Pie Register Plugin

The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation/deactivation due to missing capability checks on the pieregister_install_addon, pieregister_activate_addon and pieregister_deactivate_addon functions in all versions up to, and including, 3.8.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install, activate and deactivate arbitrary plugins. As a result attackers might achieve code execution on the targeted server

PLUGIN Pie Register

CVE-2024-6069

HIGH CVSS 8.8 2024-07-09
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-4544 - Pie Register Plugin

The Pie Register - Social Sites Login (Add on) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.7. This is due to insufficient verification on the user being supplied during a social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

PLUGIN Pie Register

CVE-2024-4544

CRITICAL CVSS 9.8 2024-05-24
Open Full Technical Breakdown
Threat Entry Updated 2025-03-18

CVE-2023-0552 - Pie Register Plugin

The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability

PLUGIN Pie Register

CVE-2023-0552

MEDIUM CVSS 5.4 2023-02-27
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24731 - Pie Register Plugin

The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.

PLUGIN Pie Register

CVE-2021-24731

CRITICAL CVSS 9.8 2021-11-08
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24647 - Pie Register Plugin

The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username

PLUGIN Pie Register

CVE-2021-24647

HIGH CVSS 8.1 2021-11-08
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24239 - Pie Register Plugin

The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin before 3.7.0.1 does not sanitise the invitaion_code GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue.

PLUGIN Pie Register

CVE-2021-24239

MEDIUM CVSS 6.1 2021-04-22
Open Full Technical Breakdown
Scroll to top