CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24239 – Pie Register < 3.7.0.1 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24239
The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin before 3.7.0.1 does not sanitise the invitaion_code GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue. Los Formularios Pie Register - User Registration. El plugin Invitation based registrations, Custom Login, Payments WordPress versiones anteriores a 3.7.0.1 no sanean el parámetro GET invitaion_code al generarlo en la página del código de activación, conllevando un problema de tipo Cross-Site Scripting • https://plugins.trac.wordpress.org/changeset/2507536 https://wpscan.com/vulnerability/f1b67f40-642f-451e-a67a-b7487918ee34 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010207
https://notcve.org/view.php?id=CVE-2019-1010207
Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. • https://0day.today/exploit/31255 https://packetstormsecurity.com/files/149665/wppieregister3015-xss.txt https://seclists.org/bugtraq/2018/Oct/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15659 – Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments < 3.1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-15659
The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. El plugin pie-register antes de 3.1.2 para WordPress tiene inyección SQL, un problema diferente que CVE-2018-10969. The Pie Register plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions before 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://wordpress.org/plugins/pie-register/#developers https://wpvulndb.com/vulnerabilities/9835 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 1CVE-2018-10969 – Pie Register <= 3.0.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-10969
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. Vulnerabilidad de inyección SQL en el plugin Pie Register en versiones anteriores a la 3.0.10 para WordPress permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante la cuadrícula de códigos de invitación. Blind SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. WordPress Pie Register plugin versions prior to 3.0.9 suffer from a remote blind SQL injection vulnerability. • https://www.exploit-db.com/exploits/44867 https://wordpress.org/plugins/pie-register/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-7377 – Pie Register – User Registration Forms < 2.0.19 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-7377
Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI. Vulnerabilidad de XSS en pie-register/pie-register.php en el plugin Pie Register en versiones anteriores a 2.0.19 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro invitaion_code en una página pie-register en la URI por defecto. WordPress Pie Register plugin version 2.0.18 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/536668/100/0/threaded https://github.com/GTSolutions/Pie-Register/blob/2.0.19/readme.txt https://wpvulndb.com/vulnerabilities/8212 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •