WordPress Plugin Vulnerabilities

Pie Register <= 3.0.17 - Unauthenticated Cross-Site Scripting (XSS)

Description

The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
pie-register
Fixed in 3.0.18

References

URL
https://packetstormsecurity.com/files/#149924/
URL
https://plugins.trac.wordpress.org/changeset/1962835/pie-register

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
Socket_0x03 (Alvaro J. Gene)
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
2a05ebe6-ad16-4070-90ae-be600cfe2b08

Timeline

Publicly Published
2018-10-24 (about 7 years ago)
Added
2018-10-29 (about 7 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-03-27
Title
Salon booking system < 9.6.3 - Unauthenticated Stored XSS
Published
2022-03-24
Title
myCred < 2.4.4 - Reflected Cross-Site Scripting
Published
2015-04-20
Title
All in One SEO Pack <= 2.2.6.1 - Cross-Site Scripting (XSS)
Published
2025-01-16
Title
Google Org Chart <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-10-24
Title
Zotpress < 7.3.5 - Reflected XSS