[WordPress Pie Register Plugin](versions 126.96.36.199 and older) Vulnerability to Arbitrary User Deletion
★★★★★★★★☆☆ 8.2 / 10 - High
A SQL Injection vulnerability was discovered in WordPress Pie Register Plugin.
This vulnerability allows malicious attackers to delete arbitrary users and along with their posts when deleting users via an init action handler because this plugin doesn’t have authorisation and CSRF.
Update WordPress Pie Register Plugin to the newest version (188.8.131.52 and newer)
We provide information about critical vulnerabilities of WordPress for people who are using or are considering using Wordpress for their projects.
“[WordPress Pie Register Plugin](versions 184.108.40.206 and older) Vulnerability to Arbitrary User Deletion”, by WS Security is licensed under CC BY 4.0.