CVE-2014-8802

WordPress Pie Register <2.0.14 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8802. PoCs published by Kacper Szurek.

AI-analyzed exploit summary This exploit demonstrates a privilege escalation vulnerability in Pie Register 2.0.13, allowing an attacker to import a CSV file with an administrator account and activate it to gain elevated privileges.

Description

The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.

Exploits (1)

exploitdb WORKING POC

by Kacper Szurek · textwebappsphp

https://www.exploit-db.com/exploits/35823

View Code ZIP pw:eip

This exploit demonstrates a privilege escalation vulnerability in Pie Register 2.0.13, allowing an attacker to import a CSV file with an administrator account and activate it to gain elevated privileges.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Pie Register 2.0.13

No auth needed

Prerequisites: Access to the WordPress installation with Pie Register plugin · Ability to submit a CSV file

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/62351

Vendor Advisory x_refsource_confirm

https://wordpress.org/plugins/pie-register/changelog/

Exploit x_refsource_misc

http://security.szurek.pl/pie-register-2013-privilege-escalation.html

Scores

EPSS 0.0780

EPSS Percentile 93.9%

Details

CWE

CWE-264

Status published

Products (1)

genetechsolutions/pie_register < 2.0.13

Published Jan 23, 2015

Tracked Since Feb 18, 2026