Platform: wordpress
Component: pie-register
Fixed in: 3.8.5
CVE-2026-3571 is a data modification vulnerability in the Pie Register WordPress plugin. This flaw allows unauthenticated attackers to change registration form status, potentially leading to unauthorized access or manipulation of user data. This affects versions up to and including 3.8.4.8. Version 3.8.4.9 contains a fix for this vulnerability.
CVE-2026-3571 affects the Pie Register plugin for WordPress, enabling unauthenticated attackers to modify data, specifically the registration form status. The missing capability check in the pie_main() function allows unauthorized users to alter this configuration. This could lead to the creation of fake accounts, manipulation of existing user data, or even disabling the registration functionality, impacting the website's integrity and security. The CVSS score of 6.5 indicates a medium risk, requiring prompt attention to prevent potential attacks. This vulnerability exists in all plugin versions up to and including 3.8.4.8, meaning a significant number of websites may be at risk.
An unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests that reach the pie_main() function. Because the function performs no capability check, the attacker could modify the registration form status without being authenticated on the website. This could be achieved by manipulating parameters in the URL or in the request body. The success of exploitation depends on the web server configuration and the presence of other vulnerabilities that might facilitate access to the website. The unauthenticated nature of the vulnerability makes it particularly dangerous, as the attacker does not need valid credentials.
Exploit Status
EPSS: 0.02% (6% percentile)
The solution to mitigate CVE-2026-3571 is to update the Pie Register plugin to version 3.8.4.9 or higher. This version includes the necessary fix, implementing the missing capability check in the pie_main() function. It's crucial to perform this update as soon as possible to protect your website from potential attacks. Additionally, review existing user permissions to ensure only authorized users have access to the plugin's configuration. Monitoring your website's logs for suspicious activity can also help detect and prevent potential exploitation attempts. Finally, keeping WordPress and all plugins updated is a general security best practice.
Update to version 3.8.4.9, or a newer patched version
A CVSS score of 6.5 indicates a medium risk. It means the vulnerability could be exploited relatively easily and could have a significant impact on website security.
If you cannot update the plugin immediately, consider implementing additional security measures, such as restricting access to the admin panel and monitoring the website logs for suspicious activity.
Yes, this vulnerability affects all websites that use the Pie Register plugin in versions prior to 3.8.4.9.
Check the version of the Pie Register plugin in your WordPress admin panel. If it's less than 3.8.4.9, your website is vulnerable.
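The version check above can be scripted for sites you administer. This is an added example, not code from the Pie Register project or from this advisory: it reads the `Version:` header from a plugin main file and compares it numerically, component by component, against 3.8.4.9, so that a release such as 3.8.4.10 is not mistaken for an older one. The file path given on the command line and the sample header are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# First patched release per the advisory text above (an assumption to adjust
# if the vendor changelog names a different release).
FIXED = "3.8.4.9"

# WordPress plugin headers carry a "Version:" line inside the leading comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.MULTILINE | re.IGNORECASE)

# Constructed sample header for illustration; not copied from the real plugin.
SAMPLE_HEADER = "<?php\n/*\nPlugin Name: Pie Register\nVersion: 3.8.4.8\n*/\n"

def parse_version(text):
    """'3.8.4.8' -> (3, 8, 4, 8); stops at the first non-numeric component."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)

def is_vulnerable(version, fixed=FIXED):
    """True when version sorts before the fixed release, compared numerically."""
    a, b = parse_version(version), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def header_version(php_source):
    """Extract the Version header; WordPress reads it from the first 8 KB."""
    match = HEADER_RE.search(php_source[:8192])
    return match.group(1) if match else None

def check_plugin(main_file):
    """Return (version, verdict) for the plugin main file at main_file."""
    source = Path(main_file).read_text(encoding="utf-8", errors="replace")
    version = header_version(source)
    if version is None:
        return None, "unknown"
    return version, "VULNERABLE" if is_vulnerable(version) else "patched"

if __name__ == "__main__":
    # Usage: pass the path to the plugin's main PHP file as the only argument.
    print(check_plugin(sys.argv[1]) if len(sys.argv) > 1 else header_version(SAMPLE_HEADER))
```

A plain string comparison would rank "3.8.4.10" below "3.8.4.9", which is why the components are compared as integers.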
You can find more information about this vulnerability in the CVE database: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3571