CVE-2021-24731
published 2021-11-08


Priority: P267 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: EXPLOIT
EPSS: 7.54% (93.8th percentile)
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.

Affected

1 range

Vendor              Product        Version range   Fixed in
genetechsolutions   pie_register   < 3.7.1.6       3.7.1.6

Detection & IOCs (extracted from sources)

URL: wp-json/pie/v1/login
sigma
title: CVE-2021-24731 Pie Register SQLi
description: Matches the JSON response signature returned by the wp-json/pie/v1/login endpoint (see CVE-2021-24731)
logsource:
  category: webserver
detection:
  selection:
    status_code: 200
    content_type|contains: 'application/json'
    body|contains: 'User credentials are invalid.'
  condition: selection
falsepositives:
  - Ordinary failed logins to the same endpoint can return the same body; correlate with request-side matching on the endpoint path and POST parameters
  • Monitor HTTP requests targeting the REST API endpoint wp-json/pie/v1/login for SQL injection payloads (e.g., single quotes, UNION/SELECT keywords) in POST body parameters.
  • A successful exploitation attempt against this endpoint returns HTTP 200 with Content-Type application/json and the body string 'User credentials are invalid.'; use this as a positive match indicator in WAF/SIEM rules.
  • The vulnerable plugin version is Pie Register (Registration Forms) before 3.7.1.6; the presence of older versions on a host is a risk indicator.
  • The SQLi is unauthenticated and exposed via the public REST API endpoint; no authentication is required to reach wp-json/pie/v1/login, which widens the attack surface.
  • The nuclei template digest provided can be used to verify template integrity; a mismatch may indicate a tampered or unofficial template.

CVSS provenance

Source   Version   Score   Severity   Vector
NVD      v3.1      9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD      v2.0      7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P