Search
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24647 | 1 Genetechsolutions | 1 Pie Register | 2021-11-10 | 6.8 MEDIUM | 8.1 HIGH |
| The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username | |||||
| CVE-2021-24731 | 1 Genetechsolutions | 1 Pie Register | 2021-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection. | |||||
| CVE-2021-24239 | 1 Genetechsolutions | 1 Pie Register | 2021-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin before 3.7.0.1 does not sanitise the invitaion_code GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue. | |||||
| CVE-2019-15659 | 1 Genetechsolutions | 1 Pie Register | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. | |||||
| CVE-2019-1010207 | 1 Genetechsolutions | 1 Pie Register | 2019-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. The fixed version is: 3.0.16. | |||||
| CVE-2015-7682 | 1 Genetechsolutions | 1 Pie Register | 2018-10-09 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1) select_invitaion_code_bulk_option or (2) invi_del_id parameter in the pie-invitation-codes page to wp-admin/admin.php. | |||||
| CVE-2015-7377 | 1 Genetechsolutions | 1 Pie Register | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI. | |||||
| CVE-2018-10969 | 1 Genetechsolutions | 1 Pie Register | 2018-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. | |||||
| CVE-2014-8802 | 1 Genetechsolutions | 1 Pie Register | 2015-01-26 | 5.0 MEDIUM | N/A |
| The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action. | |||||