← back
CVE-2014-8802

CVE-2014-8802

EPSS 7.8%
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/35823unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/62351http://security.szurek.pl/pie-register-2013-privilege-escalation.htmlhttps://wordpress.org/plugins/pie-register/changelog/