Access Control Flaw in Pie Register Plugin for WordPress by WordPress
CVE-2014-8802

Currently unrated

Key Information:

Vendor

Wordpress
Status
Pie Register
Vendor
CVE Published:
23 January 2015

What is CVE-2014-8802?

The Pie Register plugin for WordPress prior to version 2.0.14 contains an access control vulnerability that allows remote attackers to manipulate user accounts. By exploiting improper restrictions in the pie-register.php file, an attacker can upload a malicious CSV file to add new users or activate existing accounts. This serious flaw emphasizes the need for regular plugin updates and diligent security practices to safeguard user data.

References

http://secunia.com/advisories/62351
third-party-advisoryx_refsource_SECUNIA
https://wordpress.org/plugins/pie-register/changelog/
x_refsource_CONFIRM
http://security.szurek.pl/pie-register-2013-privilege-esc...
x_refsource_MISC

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.