CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010207
https://notcve.org/view.php?id=CVE-2019-1010207
Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. • https://0day.today/exploit/31255 https://packetstormsecurity.com/files/149665/wppieregister3015-xss.txt https://seclists.org/bugtraq/2018/Oct/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15659 – Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments < 3.1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-15659
The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. El plugin pie-register antes de 3.1.2 para WordPress tiene inyección SQL, un problema diferente que CVE-2018-10969. The Pie Register plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions before 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://wordpress.org/plugins/pie-register/#developers https://wpvulndb.com/vulnerabilities/9835 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 1CVE-2018-10969 – Pie Register <= 3.0.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-10969
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. Vulnerabilidad de inyección SQL en el plugin Pie Register en versiones anteriores a la 3.0.10 para WordPress permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante la cuadrícula de códigos de invitación. Blind SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. WordPress Pie Register plugin versions prior to 3.0.9 suffer from a remote blind SQL injection vulnerability. • https://www.exploit-db.com/exploits/44867 https://wordpress.org/plugins/pie-register/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-7377 – Pie Register – User Registration Forms < 2.0.19 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-7377
Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI. Vulnerabilidad de XSS en pie-register/pie-register.php en el plugin Pie Register en versiones anteriores a 2.0.19 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro invitaion_code en una página pie-register en la URI por defecto. WordPress Pie Register plugin version 2.0.18 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/536668/100/0/threaded https://github.com/GTSolutions/Pie-Register/blob/2.0.19/readme.txt https://wpvulndb.com/vulnerabilities/8212 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-7682 – Pie Register – User Registration Forms < 2.0.19 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2015-7682
Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1) select_invitaion_code_bulk_option or (2) invi_del_id parameter in the pie-invitation-codes page to wp-admin/admin.php. Múltiples vulnerabilidades de inyección SQL en pie-register/pie-register.php en el plugin Pie Register en versiones anteriores a 2.0.19 para WordPress permite a administradores remotos ejecutar comandos SQL arbitrarios a través del parámetro (1) select_invitaion_code_bulk_option o (2) invi_del_id en la página pie-invitation-codes en wp-admin/admin.php. WordPress Pie Register plugin version 2.0.18 suffers from multiple remote blind SQL injection vulnerabilities. • http://packetstormsecurity.com/files/133929/WordPress-Pie-Register-2.0.18-SQL-Injection.html http://www.securityfocus.com/archive/1/536669/100/0/threaded https://github.com/GTSolutions/Pie-Register/blob/2.0.19/readme.txt https://wpvulndb.com/vulnerabilities/8213 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •