CVE-2023-0552
Published 2023-02-27
Priority: P274 · Severity: medium · CVSS 3.1 base score: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Flags: ITW · EXPLOIT · VulnCheck KEV · Exploited in the wild
EPSS: 24.26% (97.6th percentile)
The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| genetechsolutions | pie_register | < 3.8.2.3 | 3.8.2.3 |
Detection & IOCs (extracted from sources)
- Send a GET request to /wp-admin with the parameters piereg_logout_url=true and redirect_to set to an external URL; a vulnerable site answers with a Location header that redirects to the attacker-controlled domain.
- Detect exploitation by inspecting HTTP response Location headers for an unvalidated external redirect originating from the /wp-admin endpoint when the request carried the piereg_logout_url=true query parameter.
- The vulnerability is triggered via the redirect_to parameter in the login and logout flows of the Pie Register WordPress plugin; monitor for unexpected values in this parameter that point to external domains.
- The Nuclei template sets redirects: true, following the server's redirect so that the Location header of the subsequent response can be matched; when reproducing by hand, configure your client or proxy to record every hop's response and Location header rather than silently following the chain to its final destination.
- Only Pie Register (Registration Forms) WordPress plugin versions before 3.8.2.3 are affected; verify the installed plugin version before triaging alerts.
- NVD's vector scores the issue as requiring an authenticated attacker with low privileges (PR:L), so unauthenticated probes against this endpoint may not reproduce the redirect in all configurations.
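As an added example that is not part of this page, the Nuclei template, or the Pie Register plugin, the following Python classifies a redirect target as on-site or off-site (covering the scheme-relative and backslash spellings that the Nuclei template's regex also looks for, plus userinfo tricks and non-HTTP schemes) and applies that classifier to access-log lines shaped like the probe described above. The site hostname blog.example.org, the combined log format, the inclusion of wp-login.php alongside /wp-admin, and the sample log lines are all assumptions made for the example.

```python
"""Redirect-target classification and access-log triage for the
CVE-2023-0552 probe shape (added example; not code from the advisory,
the Nuclei template, or the Pie Register plugin).

Assumptions, none of which come from the page: the protected site's
hostname is SITE_HOST, logs are in Apache/Nginx combined format, and the
log lines in SAMPLE_LOG are constructed for this example.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

SITE_HOST = "blog.example.org"  # assumed hostname of the WordPress site


def is_external_redirect(target: str, site_host: str = SITE_HOST) -> bool:
    """True if `target`, used as a redirect destination, leaves `site_host`.

    Covers the spellings a naive "starts with /" check misses: absolute URLs
    to another host, scheme-relative //host, the /\\host and \\\\host forms
    browsers normalise to //host, userinfo tricks (https://site@evil), and
    non-HTTP schemes. A plain path such as /wp-admin/ is treated as on-site.
    """
    # Decode once more to catch double-encoded values; this widens the net,
    # which is what a detector wants (a validator would not double-decode).
    t = unquote(target).strip().replace("\\", "/")  # browsers treat \ as /
    parts = urlsplit(t)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return True  # javascript:, data:, etc. are never a safe redirect
    if not parts.netloc:
        return False  # no authority component: resolves relative to the site
    # .hostname drops userinfo and port, so https://site@evil yields "evil";
    # compare the whole host, not a prefix, so site.evil.example is caught
    host = (parts.hostname or "").rstrip(".")
    return host != site_host.lower()


# Combined log format: ip ident user [ts] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def scan_access_log(lines, site_host: str = SITE_HOST):
    """Return (ip, timestamp, redirect_to) for requests that look like the
    CVE-2023-0552 probe: /wp-admin (or wp-login.php, assumed here because the
    advisory covers the login flow too) with piereg_logout_url=true and an
    off-site redirect_to, answered with a 3xx response."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m.group("status").startswith("3"):
            continue
        url = urlsplit(m.group("target"))
        if not (url.path.startswith("/wp-admin") or url.path.endswith("/wp-login.php")):
            continue
        qs = parse_qs(url.query)  # percent-decodes the values once
        if qs.get("piereg_logout_url", [""])[0].lower() != "true":
            continue
        for rt in qs.get("redirect_to", []):
            if is_external_redirect(rt, site_host):
                hits.append((m.group("ip"), m.group("ts"), rt))
    return hits


# Constructed sample lines (not real traffic). Lines 1-2 are probes with an
# off-site redirect_to (the second one scheme-relative and percent-encoded),
# line 3 is an on-site redirect, line 4 is an ordinary login-page request.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Nov/2023:10:15:01 +0000] "GET /wp-admin/?piereg_logout_url=true&redirect_to=https://evil.example/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Nov/2023:10:15:02 +0000] "GET /wp-admin/?piereg_logout_url=true&redirect_to=%2F%2Fevil.example%2Fphish HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [27/Nov/2023:10:16:09 +0000] "GET /wp-admin/?piereg_logout_url=true&redirect_to=%2Fwp-admin%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [27/Nov/2023:10:17:30 +0000] "GET /wp-login.php?redirect_to=https://blog.example.org/wp-admin/ HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, ts, rt in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"{ts} {ip} off-site redirect_to={rt}")
```

The same host comparison is what the plugin side has to enforce before redirecting: in WordPress that is what core's wp_validate_redirect() / wp_safe_redirect() do, restricting the destination to the site's own host (and any hosts added via the allowed_redirect_hosts filter) and falling back to a safe default otherwise.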
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| VulnCheck | | 5.4 | MEDIUM | |
GHSA
GHSA-c3g4-xw3p-p3v6 · ghsa_unreviewed · 2023-02-27 · CVE-2023-0552 · MEDIUM · CWE-601
The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability.
VulnCheck
genetechsolutions pie_register URL Redirection to Untrusted Site ('Open Redirect') · vulncheck · 2023 · CVE-2023-0552 · MEDIUM · CVSS 5.4
The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability.
Affected: genetechsolutions pie_register
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-27&host_type=src&vulnerability=cve-2023-0552
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-06&host_type=src&vulnerability=cve-2023-0552
- https://dashboard.shadowserver.org/statistics/honeyp
No detection rules found.
Nuclei
WordPress Pie Register <3.8.2.3 - Open Redirect · nuclei · CVE-2023-0552 · MEDIUM · CVSS 5.4
WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and logging out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
Template:

```yaml
id: CVE-2023-0552

info:
  name: WordPress Pie Register <3.8.2.3 - Open Redirect
  author: r3Y3r53
  severity: medium
  description: |
    WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and login out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or
```