CVE-2025-34077
BaseFortify
Publication date: 2025-07-09
Last updated on: 2025-07-10
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| genetech_products | pie_register | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authentication bypass in the WordPress Pie Register plugin version 3.7.1.4 and earlier. It allows unauthenticated attackers to impersonate any user by sending a specially crafted POST request to the login endpoint with manipulated parameters. This lets the attacker generate a valid session cookie for any user, including administrators. After gaining access, the attacker can upload a malicious plugin containing arbitrary PHP code, leading to remote code execution on the server.
How can this vulnerability impact me?
The vulnerability can allow attackers to gain unauthorized access to your WordPress site as any user, including administrators. This can lead to the installation of malicious plugins that execute arbitrary code on your server, potentially compromising the entire system, stealing data, defacing the website, or using the server for further attacks.