CVE-2025-34077

CVSS v3: N/A
CVSS v2: N/A
Affected projects: 3

Description

An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.
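A defender-side check for the request pattern described above, as an added example that is not part of the original advisory or of the plugin's code. It assumes request bodies are available in a tab-separated audit log (timestamp, client IP, method, path, body); that log format, the path, the addresses and all sample lines are constructed for illustration. Hits are candidates for review, not confirmed compromises.

```python
from urllib.parse import parse_qs

AFFECTED_MAX = (3, 7, 1, 4)  # advisory: Pie Register <= 3.7.1.4 is affected


def is_affected(version):
    """Return True if a dotted plugin version is within the affected range."""
    parts = tuple(int(p) for p in version.split("."))
    # Pad short versions so "3.7.1" compares as 3.7.1.0.
    parts += (0,) * (len(AFFECTED_MAX) - len(parts))
    return parts <= AFFECTED_MAX


def flagged_user_id(method, body):
    """Return the requested user ID if the body matches the advisory's pattern."""
    if method.upper() != "POST":
        return None
    form = parse_qs(body, keep_blank_values=True)  # also decodes %XX escapes
    flags = [v.strip().lower() for v in form.get("social_site", [])]
    ids = form.get("user_id_social_site", [])
    if "true" in flags and ids:
        return ids[-1]
    return None


def scan(lines):
    """Return (timestamp, client_ip, user_id) for each request worth reviewing."""
    findings = []
    for line in lines:
        fields = line.rstrip("\n").split("\t", 4)
        if len(fields) != 5:
            continue  # skip malformed records
        ts, ip, method, _path, body = fields
        uid = flagged_user_id(method, body)
        if uid is not None:
            findings.append((ts, ip, uid))
    return findings


# Constructed sample records (documentation-range IPs, made-up path).
SAMPLE_LOG = [
    "2025-01-01T10:00:00Z\t192.0.2.10\tPOST\t/example-login/\tlog=alice&pwd=REDACTED",
    "2025-01-01T10:00:05Z\t198.51.100.7\tPOST\t/example-login/\tsocial_site=true&user_id_social_site=1",
    "2025-01-01T10:00:09Z\t192.0.2.11\tGET\t/example-login/\t",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print("review:", finding)
```

A flagged request followed by plugin upload activity from the same session is the sequence the description associates with code execution, so correlate the two when triaging.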

Metasploit Framework
GitHub
38.4K
Pie-Register Wordpress Plugin
GitHub
3
Create customized registration forms, Invite through email, Email Notification, User Roles assignment, and more. Pie Register is a User Registration plugin to help you create custom Login and Registration forms in minutes, with no coding skills required. You can customize the registration process and build advanced registration flows using the various form fields. The plugin also comes with some additional security features to keep your website spam-free. Restrict content for exclusive Membership-based websites based on different user roles with Pie Register’s visibility restriction feature. You can create dynamic forms by giving your forms a personalized touch with Conditional Logic. Pie Register accepts payments using multiple payment gateways and restricts user registration based on invitations. Pie Register has extensive documentation and video tutorials to help you get started. It has an active support system that responds to your queries within 24 hours.

The Best Part: Pie Register offers perpetual licensing – purchase once and use for a lifetime!

FREE KEY FEATURES

- Drag and Drop Form Builder
- Front-end User Profiles
- Front-end User Registration
- Front-end user Login
- PasswordLess Registration
- Advanced Fields
- Set Redirection after Sign-up and Login
- Verify and Moderate User Registration
- Spam Protection
- PayPal Standard – Payment Gateway
- User Emails Templates and Automation
- Invite-Based Registration
- Auto-generate Password
- Content Restriction
- Data Import/Export
- Custom User Roles
- Profile Picture
- ReCaptcha
- Admin Helper Application
- Shortcodes
- Community Support
- Developer friendly with dozens of actions and filters

KEY FEATURES AVAILABLE IN FREE AND PRO VERSIONS WITH BASIC AND ADVANCED OPTIONS

- File Upload
- Verify and Moderate User Registration
- Spam Protection
- Custom User Roles
- Invite-based Registration for Exclusive Websites
- User and Admin Email Notification Templates
- Data Import/Export
- Content Restriction
- Frontend User Login and forgot password forms

PREMIUM KEY FEATURES

- Unlimited Registration Forms
- Advanced Fields
- Role-based Redirection
- Invite through emails
- Multiple Payment Gateways
- Customizable Login Security
- Timed-form submission (Define time in seconds to lock-out the bots)
- Auto-login after Registration
- Custom User Roles
- User and Admin Email Notification Templates and Automation
- Data Import/Export
- Global Content Restriction
- Restrict Widgets
- Allow and Block users
- Limit Form Entries Per Device
- hCaptcha
- Honeypot
- Conditional Logic
- Ticket-based Support

Complete Feature List: https://pieregister.com/features/

Invitation-based Registration

- Generate invitation codes
- Auto Generate invitation codes
- Invite Users through Email
- Allow Users to Invite Other Users
- Track user Invitations

Make Your Forms More Advanced With Our Premium Add-ons

- PayPal Subscriptions (Payment Gateway) Add-on: Allow users to make recurring payments and view subscription using the PayPal Subscriptions add-on.
- Stripe Recurring (Payment Gateway) Add-on: Allow users to make recurring payments and view active subscriptions using the Stripe recurring payment add-on.
- Stripe One-Time (Payment Gateway) Add-on: Process membership payments using Pie Register’s Stripe Add-on.
- Authorize.net (Payment Gateway) Add-on: Use Authorize.net Add-on to collect membership payments on Pie Register.
- Social Login Add-on: Let users log in via their social handles, i.e., Facebook, Twitter, Google, LinkedIn, Yahoo, and WordPress accounts, to make the registration process quick and hassle-free.
- MailChimp Add-on: Export site users into MailChimp lists to send communication, sales, and marketing emails using the admin dashboard.
- Twilio - Two-step Authentication (SMS) Add-on: Want to have a super-secure site? No Problem. With Pie Register and TWILIO, you can verify registration via SMS/Text messages sent to their cell phones. The admin can get notified when new users register.
- Profile Search Add-on: Allow users to search/filter to display user data with the Profile Search tool. User information displayed in the filtered/search results can be limited based on the admin’s choice.
- Geo Location Add-on: It lets you collect user Geolocation data and provides information like country, city, zip code, latitude/longitude, and location map for registered users.
- Bulk Email Add-on: Send emails in bulk to all the registered users at once. Select the form name, and all the users registered through that form and send emails in one go!
- Field visibility Add-on: Allows you to show or hide specific fields on the front-end registration form or the user’s profile page.
- WooCommerce Add-on: Hide or display specific Pie Register fields on the WooCommerce checkout page. Also, you can add billing and shipping fields to your registration form. Replace the default WooCommerce login and registration forms with Pie Register login and registration forms, and send a free gift product upon registration.
- bbPress Add-on: Show the Pie Register fields on your bbPress User profile, and let your users edit the profile directly from bbPress.

Add-ons Details: https://pieregister.com/addons/

INTEGRATIONS WITH THIRD-PARTY APPLICATIONS

1. Paypal
2. Stripe
3. Authorize.net
4. Twilio SMS
5. Mailchimp
6. Elementor
7. WPBakery Page Builder
8. Divi
9. WooCommerce

Useful Resources

Community forum: https://wordpress.org/support/plugin/pie-register/
Blog: https://pieregister.com/blog/
Contact Us: https://pieregister.com/contact-us/
Get Started: https://pieregister.com/documentation/
Video Tutorials: https://www.youtube.com/channel/UCuLxfC2jcyAS5ns4ZT_7jcQ

Give Pie Register a try! And you will know how amazing it is!

Unlock more features? Upgrade to our PRO version.

SHORTCODES

Here are some basic form shortcodes that you can embed:

- For login form use: [pie_register_login]
- For Registration form use: [pie_register_form]
- For forgot password form use: [pie_register_forgot_password]
- For profile page use: [pie_register_profile]

What’s Next?

Liked Pie Register? Do check out our other projects.

Pie Forms: Pie Forms is your custom Drag and Drop Form Builder with a user-friendly interface, built-in ready-to-use templates, and various Form Field options to Create Advanced Forms without a single line of code. Apart from simple registration, it lets you create all forms, including contact forms, surveys, job applications, appointments, etc.

PB addons for WPBakery: Build your website with premium quality Web and WooCommerce elements for WPBakery Page Builder.
WordPress Plugin Directory
606K