CVE-2026-3571
Unauthorized Data Modification in Pie Register Plugin via Missing Capability Check
Publication date: 2026-04-04
Last updated on: 2026-04-04
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pie_register | pie_register | to 3.8.4.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Pie Register β User Registration, Profiles & Content Restriction plugin for WordPress has a vulnerability due to a missing capability check in the pie_main() function in all versions up to and including 3.8.4.8. This flaw allows unauthenticated attackers to modify data by changing the registration form status without proper authorization.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized users to change the status of registration forms on your WordPress site. Since the vulnerability permits unauthenticated attackers to modify registration form data, it can lead to unauthorized changes in user registration processes, potentially disrupting user management and access controls.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in the Pie Register plugin allows unauthenticated attackers to modify registration form status due to a missing capability check. This unauthorized modification of data could potentially lead to improper handling of user registration data.
Such unauthorized data modification may impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls over personal data integrity and access. If attackers can alter registration data without authorization, it could result in violations of these standards concerning data accuracy, user consent, and security.
However, the provided information does not explicitly state the direct compliance impact or any regulatory consequences.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-3571 in the Pie Register WordPress plugin, you should immediately update the plugin to version 3.8.4.9 or later.
This update includes a comprehensive security fix that addresses the unauthorized modification of data by adding proper capability checks and revising authentication and user management components.