CVE-2013-4954
NONE EPSS 92.6%
Published Jul 29, 2013 12y ago
Last Modified Jun 16, 2026 2w ago
Description
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information.
Threat Intelligence
EPSS Exploit Probability
92.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 23
| Vendor | Product | Version | Range |
|---|---|---|---|
| genetechsolutions | pie-register | * | ≤1.30 |
| genetechsolutions | pie-register | 1.0.1 | any |
| genetechsolutions | pie-register | 1.1.1 | any |
| genetechsolutions | pie-register | 1.1.2 | any |
| genetechsolutions | pie-register | 1.1.3 | any |
| genetechsolutions | pie-register | 1.1.5 | any |
| genetechsolutions | pie-register | 1.1.6 | any |
| genetechsolutions | pie-register | 1.1.7 | any |
| genetechsolutions | pie-register | 1.1.8 | any |
| genetechsolutions | pie-register | 1.1.9 | any |
| genetechsolutions | pie-register | 1.1.9 | any |
| genetechsolutions | pie-register | 1.2.0 | any |
| genetechsolutions | pie-register | 1.2.1 | any |
| genetechsolutions | pie-register | 1.2.2 | any |
| genetechsolutions | pie-register | 1.2.3 | any |
| genetechsolutions | pie-register | 1.2.4 | any |
| genetechsolutions | pie-register | 1.2.6 | any |
| genetechsolutions | pie-register | 1.2.7 | any |
| genetechsolutions | pie-register | 1.2.8 | any |
| genetechsolutions | pie-register | 1.2.9 | any |
| genetechsolutions | pie-register | 1.2.9 | any |
| genetechsolutions | pie-register | 1.2.91 | any |
| wordpress | wordpress | * | any |
References 7
- osvdb.org http://osvdb.org/95160
- plugins.trac.wordpress.org http://plugins.trac.wordpress.org/changeset?reponame=&old=740249%40pie-register&new=740249%40pie-register
- secunia.com http://secunia.com/advisories/54123
- wordpress.org http://wordpress.org/plugins/pie-register/changelog/
- wordpress.org http://wordpress.org/support/topic/security-issue-web-application-cross-site-scripting
- securityfocus.com http://www.securityfocus.com/bid/61140
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/85604
Remediation
- plugins.trac.wordpress.org http://plugins.trac.wordpress.org/changeset?reponame=&old=740249%40pie-register&new=740249%40pie-register