CVE-2013-4954

NONE EPSS 92.6%
Published Jul 29, 201312y ago · Modified Jun 16, 20262w ago
Find Similar
Published Jul 29, 2013 12y ago
Last Modified Jun 16, 2026 2w ago

Description

Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information.

Threat Intelligence

EPSS Exploit Probability
92.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 23

VendorProductVersionRange
genetechsolutionspie-register* ≤1.30
genetechsolutionspie-register1.0.1any
genetechsolutionspie-register1.1.1any
genetechsolutionspie-register1.1.2any
genetechsolutionspie-register1.1.3any
genetechsolutionspie-register1.1.5any
genetechsolutionspie-register1.1.6any
genetechsolutionspie-register1.1.7any
genetechsolutionspie-register1.1.8any
genetechsolutionspie-register1.1.9any
genetechsolutionspie-register1.1.9any
genetechsolutionspie-register1.2.0any
genetechsolutionspie-register1.2.1any
genetechsolutionspie-register1.2.2any
genetechsolutionspie-register1.2.3any
genetechsolutionspie-register1.2.4any
genetechsolutionspie-register1.2.6any
genetechsolutionspie-register1.2.7any
genetechsolutionspie-register1.2.8any
genetechsolutionspie-register1.2.9any
genetechsolutionspie-register1.2.9any
genetechsolutionspie-register1.2.91any
wordpresswordpress*any

References 7

Remediation

  • plugins.trac.wordpress.org http://plugins.trac.wordpress.org/changeset?reponame=&old=740249%40pie-register&new=740249%40pie-register
    ExploitPatch