CVE-2014-8802
published 2015-01-23CVE-2014-8802: The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers…
PriorityP341medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
7.80%
93.9th percentile
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| genetechsolutions | pie_register | <= 2.0.13 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/62351http://security.szurek.pl/pie-register-2013-privilege-escalation.htmlhttps://wordpress.org/plugins/pie-register/changelog/http://secunia.com/advisories/62351http://security.szurek.pl/pie-register-2013-privilege-escalation.htmlhttps://wordpress.org/plugins/pie-register/changelog/
2015-01-23
Published