CVE-2021-24239 – Pie Register < 3.7.0.1 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24239
The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin before 3.7.0.1 does not sanitise the invitaion_code GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue. • https://plugins.trac.wordpress.org/changeset/2507536 https://wpscan.com/vulnerability/f1b67f40-642f-451e-a67a-b7487918ee34 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-1010207
https://notcve.org/view.php?id=CVE-2019-1010207
Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. • https://0day.today/exploit/31255 https://packetstormsecurity.com/files/149665/wppieregister3015-xss.txt https://seclists.org/bugtraq/2018/Oct/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-15659 – Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments < 3.1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-15659
The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. The Pie Register plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions before 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://wordpress.org/plugins/pie-register/#developers https://wpvulndb.com/vulnerabilities/9835 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-10969 – Pie Register <= 3.0.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-10969
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. Blind SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. WordPress Pie Register plugin versions prior to 3.0.9 suffer from a remote blind SQL injection vulnerability. • https://www.exploit-db.com/exploits/44867 https://wordpress.org/plugins/pie-register/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-7682 – Pie Register – User Registration Forms < 2.0.19 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2015-7682
Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1) select_invitaion_code_bulk_option or (2) invi_del_id parameter in the pie-invitation-codes page to wp-admin/admin.php. WordPress Pie Register plugin version 2.0.18 suffers from multiple remote blind SQL injection vulnerabilities. • http://packetstormsecurity.com/files/133929/WordPress-Pie-Register-2.0.18-SQL-Injection.html http://www.securityfocus.com/archive/1/536669/100/0/threaded https://github.com/GTSolutions/Pie-Register/blob/2.0.19/readme.txt https://wpvulndb.com/vulnerabilities/8213 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')