CVE-2025-34077

UNKNOWN 0.0

WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.

CWE	CWE-434 CWE-306 CWE-94
Vendor	genetech solutions
Product	wordpress pie register plugin
Published	Jul 9, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for genetech solutions wordpress pie register plugin

Be the first to know when new unknown vulnerabilities affecting genetech solutions wordpress pie register plugin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Genetech Solutions / WordPress Pie Register Plugin

* ≤ 3.7.1.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wp_pie_register_bypass_rce.rb exploit-db.com: https://www.exploit-db.com/exploits/50395 pieregister.com: https://pieregister.com/ github.com: https://github.com/GTSolutions/Pie-Register wordpress.org: https://wordpress.org/plugins/pie-register/ vulncheck.com: https://vulncheck.com/advisories/wordpress-pie-register-plugin-rce

Credits

Lotfi13-DZ