CVE-2018-10969

CRITICAL

Pie Register < 3.0.10 - SQL Injection via Invitation Codes Grid

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10969. PoCs published by Manuel García Cárdenas.

AI-analyzed exploit summary: This exploit demonstrates a blind SQL injection vulnerability in WordPress Plugin Pie Register versions <= 3.0.9. The 'order' parameter in the invitation code pagination feature is not properly sanitized, allowing for time-based SQL injection attacks.

Description

SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.

Exploits (1)

exploitdb WORKING POC
by Manuel García Cárdenas · text · webapps · php
https://www.exploit-db.com/exploits/44867

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin Pie Register <= 3.0.9
Auth required
Prerequisites: Access to WordPress admin panel · Pie Register plugin installed and activated
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44867/

Scores

CVSS v3: 9.8
EPSS: 0.0533
EPSS Percentile: 91.5%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status: published
Products (1): genetechsolutions/pie_register < 3.0.10
Published: Jun 17, 2018
Tracked Since: Feb 18, 2026