Description
An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.
Published: 2025-07-09
Score: 10 Critical
EPSS: 76.2% High
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the WordPress Pie Register plugin allows an unauthenticated attacker to spoof any user by sending a crafted POST to the login endpoint. The attacker can set a parameter that causes a valid session cookie to be generated for any user ID, including administrators. With that session, the attacker can use the plugin’s upload feature to install a malicious PHP plugin and run arbitrary code on the server. The flaw stems from missing authentication checks, unrestricted file upload, and lack of proper input validation, as reflected in CWE‑306, CWE‑434 and CWE‑94.

Affected Systems

Genetech Solutions’ WordPress Pie Register Plugin version 3.7.1.4 or earlier is affected. The vulnerability exists in all installations using this or earlier plugin releases on WordPress sites.

Risk and Exploitability

The CVSS score of 10 indicates critical severity, and an EPSS score of 76% shows a high likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit it purely remotely by sending an unauthenticated POST request to the login endpoint, forging authentication, and then uploading a malicious plugin via the provided upload function. Exploitation tools such as the Rapid7 Metasploit module and publicly available scripts confirm the attack path is straightforward for attackers with internet access to the vulnerable site.

Generated by OpenCVE AI on May 5, 2026 at 14:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WordPress Pie Register Plugin to the latest version that removes the authentication bypass and enforces proper file‑type validation.
  • If an upgrade cannot be performed immediately, disable the plugin’s upload capability or delete the upload directory to block malicious plugin installations.
  • After mitigating the upload vector, ensure that only authenticated administrators can access the upload facilities, enforce strict MIME type checks, and place the site behind a firewall that blocks unauthenticated POST requests to the login endpoint.

Generated by OpenCVE AI on May 5, 2026 at 14:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 21 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Genetechsolutions
Genetechsolutions pie Register
CPEs cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:*
Vendors & Products Genetechsolutions
Genetechsolutions pie Register

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00642}

 epss

{'score': 0.00473}

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00539}

 epss

{'score': 0.00642}

Wed, 09 Jul 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 09 Jul 2025 01:15:00 +0000

Type Values Removed Values Added
Description An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.
Title WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE
Weaknesses CWE-306
CWE-434
CWE-94
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Genetechsolutions Pie Register
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-15T11:14:36.227Z

Reserved: 2025-04-15T19:15:22.550Z

Link: CVE-2025-34077

cve-icon Vulnrichment

Updated: 2025-07-09T17:55:06.789Z

cve-icon NVD

Status : Deferred

Published: 2025-07-09T01:15:49.780

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-34077

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T14:45:05Z

Weaknesses