top of page

Posts

[WordPress Pie Register Plugin](versions 3.8.1.2 and older) Vulnerability



[WordPress Pie Register Plugin](versions 3.8.1.2 and older) Vulnerability to Arbitrary User Deletion



Importance (CVSS3.0)

★★★★★★★★☆☆ 8.2 / 10 - High


Details

A SQL Injection vulnerability was discovered in WordPress Pie Register Plugin.


This vulnerability allows malicious attackers to delete arbitrary users and along with their posts when deleting users via an init action handler because this plugin doesn’t have authorisation and CSRF.



Solutions

Update WordPress Pie Register Plugin to the newest version (3.8.1.3 and newer)


Source





We provide information about critical vulnerabilities of WordPress for people who are using or are considering using Wordpress for their projects.






Comments


bottom of page