CVE-2026-3571

MEDIUM

Pie Register – User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification

Title source: cna

Description

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main() function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attackers to change registration form status.

References (2)

Scores

CVSS v3 6.5
EPSS 0.0002
EPSS Percentile 5.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Details

CWE
CWE-862
Status published
Products (1)
genetechproducts/Pie Register – User Registration, Profiles & Content Restriction < 3.8.4.8
Published Apr 04, 2026
Tracked Since Apr 04, 2026