CVE-2021-24731
published 2021-11-08CVE-2021-24731: The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not…
PriorityP267critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
7.54%
93.8th percentile
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| genetechsolutions | pie_register | < 3.7.1.6 | 3.7.1.6 |
Detection & IOCsextracted from sources · hover to see the quote
sigma
title: CVE-2021-24731 Pie Register SQLi
detection:
selection:
status_code: 200
content_type|contains: 'application/json'
body|contains: 'User credentials are invalid.'
condition: selection- →Monitor HTTP requests targeting the REST API endpoint wp-json/pie/v1/login for SQL injection payloads (e.g., single quotes, UNION/SELECT keywords) in POST body parameters. ↗
- →A successful exploitation attempt against this endpoint returns HTTP 200 with Content-Type application/json and the body string 'User credentials are invalid.' — use this as a positive match indicator in WAF/SIEM rules.
- →The vulnerable plugin version is Pie Register (Registration Forms) before 3.7.1.6; presence of older versions on a host is a risk indicator. ↗
- ·The SQLi is unauthenticated and exposed via the public REST API endpoint; no authentication is required to reach wp-json/pie/v1/login, widening the attack surface. ↗
- ·The nuclei/template digest provided can be used to verify template integrity; mismatches may indicate a tampered or unofficial template.
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Pie Register < 3.7.1.6 - SQL Injection
nuclei·CVSS 9.8
CVE-2021-24731 [CRITICAL] Pie Register < 3.7.1.6 - SQL Injection
Pie Register =6'
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains(body, "User credentials are invalid.")'
condition: and
# digest: 490a00463044022010789feb6f2d48cfb9291a2136dd7d7dfa3b5897a1935799812d2a94771ff94802200b8572bba5433e6792ffb32a576fc9920e4f9daeedb93db0dd49a0ccfca56f8b:922c64590222798bb761d5b6d8e72950
2021-11-08
Published