Description
Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2.
Published: 2025-03-15
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a path traversal flaw in the WordPress Pie Register Premium plugin that permits an attacker to construct file paths for the delete operation. The flaw results in the removal of one or more files on the web server, which can include potentially critical configuration or content files. The impact is limited to deletion rather than arbitrary file modification or disclosure, but the loss of files can still lead to data loss, downtime, or compromise of site availability.

Affected Systems

All installations of the WordPress Pie Register Premium plugin up to and including version 3.8.3.2 are affected. The plugin is distributed by NotFound and is commonly used for user registration and management within WordPress sites.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, and there are no confirmed public exploits at the time of this analysis. The attack vector is inferred to be remote, accessed through the plugin’s web interface, as the flaw enables path manipulation in a request that triggers file deletion.

Generated by OpenCVE AI on May 1, 2026 at 13:44 UTC.

Remediation

Vendor Solution

Update the WordPress Pie Register Premium wordpress plugin to the latest available version (at least 3.8.3.3).

OpenCVE Recommended Actions

  • Update the WordPress Pie Register Premium plugin to version 3.8.3.3 or later.
  • If the plugin is no longer required, disable or uninstall it from the WordPress installation.
  • Restrict file system permissions on the web root and plugin directories to prevent deletion of critical files by the web server process.

Generated by OpenCVE AI on May 1, 2026 at 13:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-7722 Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2.
History

Tue, 28 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
References

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Path Traversal: '.../...//' vulnerability in NotFound Pie Register Premium pie-register-premium.This issue affects Pie Register Premium: from n/a through <= 3.8.3.2. Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2.
References

Thu, 23 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. Path Traversal: '.../...//' vulnerability in NotFound Pie Register Premium pie-register-premium.This issue affects Pie Register Premium: from n/a through <= 3.8.3.2.
References

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00064}

 epss

{'score': 0.0008}

Tue, 18 Mar 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 15 Mar 2025 22:15:00 +0000

Type Values Removed Values Added
Description Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2.
Title WordPress Pie Register Premium plugin <= 3.8.3.2 - Path Traversal to Non-Arbitrary File Deletion vulnerability
Weaknesses CWE-35
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:44.313Z

Reserved: 2025-02-17T11:51:18.743Z

Link: CVE-2025-26940

cve-icon Vulnrichment

Updated: 2025-03-17T14:59:27.737Z

cve-icon NVD

Status : Deferred

Published: 2025-03-15T22:15:14.810

Modified: 2026-04-28T19:29:50.467

Link: CVE-2025-26940

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T13:45:06Z

Weaknesses