Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Pie Register – User Registration, Profiles & Content Restriction by genetechproducts

    CVE-2026-3571 (GCVE-0-2026-3571)

    Vulnerability from nvd – Published: 2026-04-04 01:24 – Updated: 2026-04-08 16:45
    VLAI
    Title
    Pie Register – User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification
    Summary
    The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main() function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attackers to change registration form status.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Youssef Elouaer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3571",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-06T13:22:02.914394Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-06T13:22:15.623Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pie Register \u2013 User Registration, Profiles \u0026 Content Restriction",
              "vendor": "genetechproducts",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.4.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Youssef Elouaer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Pie Register \u2013 User Registration, Profiles \u0026 Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main() function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attackers to change registration form status."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:45:02.699Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3137a85e-82e3-4111-ae60-1bcf1abd0c0b?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3494602/pie-register"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-03T13:05:56.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Pie Register \u2013 User Registration, Profiles \u0026 Content Restriction \u003c= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-3571",
        "datePublished": "2026-04-04T01:24:06.082Z",
        "dateReserved": "2026-03-04T21:06:23.152Z",
        "dateUpdated": "2026-04-08T16:45:02.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-13818 (GCVE-0-2024-13818)

    Vulnerability from nvd – Published: 2025-02-21 03:21 – Updated: 2026-04-08 17:01
    VLAI
    Title
    Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction <= 3.8.4 - Sensitive Information Exposure via Log Files
    Summary
    The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.4 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Credits
    wesley
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13818",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-21T15:46:36.033182Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-21T21:28:18.290Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pie Register \u2013 User Registration, Profiles \u0026 Content Restriction",
              "vendor": "genetechproducts",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "wesley"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form \u0026 Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.4 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:01:32.412Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/768730c1-a70e-432d-a234-4ce2b8aec424?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/pie-register/trunk/classes/base_variables.php#L68"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3255985%40pie-register%2Ftrunk\u0026old=3246810%40pie-register%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-20T15:01:12.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form \u0026 Content Restriction \u003c= 3.8.4 - Sensitive Information Exposure via Log Files"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-13818",
        "datePublished": "2025-02-21T03:21:20.724Z",
        "dateReserved": "2025-01-31T17:45:58.920Z",
        "dateUpdated": "2026-04-08T17:01:32.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-6069 (GCVE-0-2024-6069)

    Vulnerability from nvd – Published: 2024-07-09 08:33 – Updated: 2026-04-08 17:17
    VLAI
    Title
    Pie Register - Basic <= 3.8.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
    Summary
    The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pieregister_install_addon function in all versions up to, and including, 3.8.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins. As a result attackers might achieve code execution on the targeted server
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    genetechproducts Pie Register – User Registration, Profiles & Content Restriction Affected: 0 , ≤ 3.8.3.4 (semver)
    Create a notification for this product.
    genetech_products registration_forms Affected: 0 , ≤ 3.8.3.4 (custom)
        cpe:2.3:a:genetech_products:registration_forms:*:*:*:*:*:*:*:*
    Create a notification for this product.
    genetech_products user_registration_forms Affected: 0 , ≤ 3.8.3.4 (custom)
        cpe:2.3:a:genetech_products:user_registration_forms:*:*:*:*:*:*:*:*
    Create a notification for this product.
    genetech_products front_end_user_profile_login_form Affected: 0 , ≤ 3.8.3.4 (custom)
        cpe:2.3:a:genetech_products:front_end_user_profile_login_form:*:*:*:*:*:*:*:*
    Create a notification for this product.
    genetech_products invitation_based_registrations Affected: 0 , ≤ 3.8.3.4 (custom)
        cpe:2.3:a:genetech_products:invitation_based_registrations:*:*:*:*:*:*:*:*
    Create a notification for this product.
    genetech_products content_registration Affected: 0 , ≤ 3.8.3.4 (custom)
        cpe:2.3:a:genetech_products:content_registration:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Lucio Sá
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:genetech_products:registration_forms:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "registration_forms",
                "vendor": "genetech_products",
                "versions": [
                  {
                    "lessThanOrEqual": "3.8.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:genetech_products:user_registration_forms:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "user_registration_forms",
                "vendor": "genetech_products",
                "versions": [
                  {
                    "lessThanOrEqual": "3.8.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:genetech_products:front_end_user_profile_login_form:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "front_end_user_profile_login_form",
                "vendor": "genetech_products",
                "versions": [
                  {
                    "lessThanOrEqual": "3.8.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:genetech_products:invitation_based_registrations:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "invitation_based_registrations",
                "vendor": "genetech_products",
                "versions": [
                  {
                    "lessThanOrEqual": "3.8.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:genetech_products:content_registration:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "content_registration",
                "vendor": "genetech_products",
                "versions": [
                  {
                    "lessThanOrEqual": "3.8.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6069",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T14:02:56.534262Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-09T14:28:07.799Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.242Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b946ee73-4cf9-48c8-b456-285b118c6b05?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L794"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L727"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L761"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pie Register \u2013 User Registration, Profiles \u0026 Content Restriction",
              "vendor": "genetechproducts",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lucio S\u00e1"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form \u0026 Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pieregister_install_addon function in all versions up to, and including, 3.8.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins. As a result attackers might achieve code execution on the targeted server"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:17:58.734Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b946ee73-4cf9-48c8-b456-285b118c6b05?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L794"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L727"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L761"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3116424/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-30T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2024-07-08T19:39:26.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Pie Register - Basic \u003c= 3.8.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-6069",
        "datePublished": "2024-07-09T08:33:11.030Z",
        "dateReserved": "2024-06-17T14:06:13.932Z",
        "dateUpdated": "2026-04-08T17:17:58.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3571 (GCVE-0-2026-3571)

    Vulnerability from cvelistv5 – Published: 2026-04-04 01:24 – Updated: 2026-04-08 16:45
    VLAI
    Title
    Pie Register – User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification
    Summary
    The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main() function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attackers to change registration form status.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Youssef Elouaer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3571",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-06T13:22:02.914394Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-06T13:22:15.623Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pie Register \u2013 User Registration, Profiles \u0026 Content Restriction",
              "vendor": "genetechproducts",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.4.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Youssef Elouaer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Pie Register \u2013 User Registration, Profiles \u0026 Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main() function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attackers to change registration form status."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:45:02.699Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3137a85e-82e3-4111-ae60-1bcf1abd0c0b?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3494602/pie-register"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-03T13:05:56.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Pie Register \u2013 User Registration, Profiles \u0026 Content Restriction \u003c= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-3571",
        "datePublished": "2026-04-04T01:24:06.082Z",
        "dateReserved": "2026-03-04T21:06:23.152Z",
        "dateUpdated": "2026-04-08T16:45:02.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-13818 (GCVE-0-2024-13818)

    Vulnerability from cvelistv5 – Published: 2025-02-21 03:21 – Updated: 2026-04-08 17:01
    VLAI
    Title
    Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction <= 3.8.4 - Sensitive Information Exposure via Log Files
    Summary
    The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.4 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Credits
    wesley
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13818",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-21T15:46:36.033182Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-21T21:28:18.290Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pie Register \u2013 User Registration, Profiles \u0026 Content Restriction",
              "vendor": "genetechproducts",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "wesley"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form \u0026 Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.4 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:01:32.412Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/768730c1-a70e-432d-a234-4ce2b8aec424?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/pie-register/trunk/classes/base_variables.php#L68"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3255985%40pie-register%2Ftrunk\u0026old=3246810%40pie-register%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-20T15:01:12.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form \u0026 Content Restriction \u003c= 3.8.4 - Sensitive Information Exposure via Log Files"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-13818",
        "datePublished": "2025-02-21T03:21:20.724Z",
        "dateReserved": "2025-01-31T17:45:58.920Z",
        "dateUpdated": "2026-04-08T17:01:32.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-6069 (GCVE-0-2024-6069)

    Vulnerability from cvelistv5 – Published: 2024-07-09 08:33 – Updated: 2026-04-08 17:17
    VLAI
    Title
    Pie Register - Basic <= 3.8.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
    Summary
    The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pieregister_install_addon function in all versions up to, and including, 3.8.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins. As a result attackers might achieve code execution on the targeted server
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    genetechproducts Pie Register – User Registration, Profiles & Content Restriction Affected: 0 , ≤ 3.8.3.4 (semver)
    Create a notification for this product.
    genetech_products registration_forms Affected: 0 , ≤ 3.8.3.4 (custom)
        cpe:2.3:a:genetech_products:registration_forms:*:*:*:*:*:*:*:*
    Create a notification for this product.
    genetech_products user_registration_forms Affected: 0 , ≤ 3.8.3.4 (custom)
        cpe:2.3:a:genetech_products:user_registration_forms:*:*:*:*:*:*:*:*
    Create a notification for this product.
    genetech_products front_end_user_profile_login_form Affected: 0 , ≤ 3.8.3.4 (custom)
        cpe:2.3:a:genetech_products:front_end_user_profile_login_form:*:*:*:*:*:*:*:*
    Create a notification for this product.
    genetech_products invitation_based_registrations Affected: 0 , ≤ 3.8.3.4 (custom)
        cpe:2.3:a:genetech_products:invitation_based_registrations:*:*:*:*:*:*:*:*
    Create a notification for this product.
    genetech_products content_registration Affected: 0 , ≤ 3.8.3.4 (custom)
        cpe:2.3:a:genetech_products:content_registration:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Lucio Sá
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:genetech_products:registration_forms:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "registration_forms",
                "vendor": "genetech_products",
                "versions": [
                  {
                    "lessThanOrEqual": "3.8.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:genetech_products:user_registration_forms:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "user_registration_forms",
                "vendor": "genetech_products",
                "versions": [
                  {
                    "lessThanOrEqual": "3.8.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:genetech_products:front_end_user_profile_login_form:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "front_end_user_profile_login_form",
                "vendor": "genetech_products",
                "versions": [
                  {
                    "lessThanOrEqual": "3.8.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:genetech_products:invitation_based_registrations:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "invitation_based_registrations",
                "vendor": "genetech_products",
                "versions": [
                  {
                    "lessThanOrEqual": "3.8.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:genetech_products:content_registration:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "content_registration",
                "vendor": "genetech_products",
                "versions": [
                  {
                    "lessThanOrEqual": "3.8.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6069",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T14:02:56.534262Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-09T14:28:07.799Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.242Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b946ee73-4cf9-48c8-b456-285b118c6b05?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L794"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L727"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L761"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pie Register \u2013 User Registration, Profiles \u0026 Content Restriction",
              "vendor": "genetechproducts",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lucio S\u00e1"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form \u0026 Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pieregister_install_addon function in all versions up to, and including, 3.8.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins. As a result attackers might achieve code execution on the targeted server"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:17:58.734Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b946ee73-4cf9-48c8-b456-285b118c6b05?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L794"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L727"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/pie-register/tags/3.8.3.4/pie-register.php#L761"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3116424/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-30T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2024-07-08T19:39:26.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Pie Register - Basic \u003c= 3.8.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-6069",
        "datePublished": "2024-07-09T08:33:11.030Z",
        "dateReserved": "2024-06-17T14:06:13.932Z",
        "dateUpdated": "2026-04-08T17:17:58.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }