WordPress Plugin Vulnerabilities

Pie Register <= 3.0.9 - Authenticated Blind SQL Injection

Description

The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
pie-register
Fixed in 3.0.10

References

CVE
CVE-2018-10969
Exploitdb
44867
URL
https://seclists.org/fulldisclosure/2018/Jun/32
URL
https://plugins.trac.wordpress.org/changeset/1892614/pie-register

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
Ryan
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
eff197b9-254e-4452-a63d-25c64d0c4a2c

Timeline

Publicly Published
2018-06-12 (about 7 years ago)
Added
2018-06-14 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Event Registration <= 5.43 - SQL Injection
Published
2025-09-22
Title
Mail Mint < 1.18.7 - Authenticated (Administrator+) SQL Injection
Published
2025-11-18
Title
Community Events < 1.5.5 - Unauthenticated SQL Injection
Published
2023-07-10
Title
RSVPMarker < 10.5.5 - Admin+ SQL Injection (SQLi)
Published
2025-11-23
Title
ArtPlacer Widget < 2.23 - Authenticated (Contributor+) SQL Injection