Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction 3.7.2.4

  • Severity: medium-risk
  • Status: Open
  • Publication: October 21, 2021

The Pie Register is a WordPress plugin for user registration forms, invitation-based registrations, and custom login pages. It has recently been discovered that versions up to 3.7.2.3 of this plugin are vulnerable to something called an Open Redirect. This happens when the plugin does not properly validate the redirect url that is supplied via the ‘redirect_to’ parameter. This makes it possible for unauthenticated attackers to redirect unsuspecting users to malicious websites if they can somehow get the user to perform an action.

Detected in:

Pie Register – User Registration, Profiles & Content Restriction fixed vulnerable versions:
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction open vulnerable versions: >= * < 3.7.2.4

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.