CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24239 – Pie Register < 3.7.0.1 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24239
The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin before 3.7.0.1 does not sanitise the invitaion_code GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue. Los Formularios Pie Register - User Registration. El plugin Invitation based registrations, Custom Login, Payments WordPress versiones anteriores a 3.7.0.1 no sanean el parámetro GET invitaion_code al generarlo en la página del código de activación, conllevando un problema de tipo Cross-Site Scripting • https://plugins.trac.wordpress.org/changeset/2507536 https://wpscan.com/vulnerability/f1b67f40-642f-451e-a67a-b7487918ee34 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010207
https://notcve.org/view.php?id=CVE-2019-1010207
Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. • https://0day.today/exploit/31255 https://packetstormsecurity.com/files/149665/wppieregister3015-xss.txt https://seclists.org/bugtraq/2018/Oct/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15659 – Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments < 3.1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-15659
The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. El plugin pie-register antes de 3.1.2 para WordPress tiene inyección SQL, un problema diferente que CVE-2018-10969. The Pie Register plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions before 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://wordpress.org/plugins/pie-register/#developers https://wpvulndb.com/vulnerabilities/9835 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •