vulnerability
WordPress Plugin: pie-register: CVE-2025-34077: Authentication Bypass Using an Alternate Path or Channel
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Oct 11, 2021 | Jul 28, 2025 | Apr 30, 2026 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Oct 11, 2021
Added
Jul 28, 2025
Modified
Apr 30, 2026
Description
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form and Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.7.1.4. This is due to the plugin not properly validating the identity of a user prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including administrators.
Solution
pie-register-plugin-cve-2025-34077
References
- https://www.cve.org/CVERecord?id=CVE-2025-34077
- https://www.wordfence.com/threat-intel/vulnerabilities/id/819b9565-2eb1-4b87-bf3a-5cd93429cafe?source=api-prod
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-20764
- CVE-2025-34077
- https://attackerkb.com/topics/CVE-2025-34077
- CWE-434
- CWE-306
- CWE-94
- EUVD-EUVD-2025-20764
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.