{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3571", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-03-04T21:06:23.152Z", "datePublished": "2026-04-04T01:24:06.082Z", "dateUpdated": "2026-04-08T16:45:02.699Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:45:02.699Z"}, "affected": [{"vendor": "genetechproducts", "product": "Pie Register \u2013 User Registration, Profiles & Content Restriction", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.8.4.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Pie Register \u2013 User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main() function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attackers to change registration form status."}], "title": "Pie Register \u2013 User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3137a85e-82e3-4111-ae60-1bcf1abd0c0b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3494602/pie-register"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Youssef Elouaer"}], "timeline": [{"time": "2026-04-03T13:05:56.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T13:22:02.914394Z", "id": "CVE-2026-3571", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T13:22:15.623Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3571", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T13:22:02.914394Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T13:22:11.197Z"}}], "cna": {"title": "Pie Register \u2013 User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification", "credits": [{"lang": "en", "type": "finder", "value": "Youssef Elouaer"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}}], "affected": [{"vendor": "genetechproducts", "product": "Pie Register \u2013 User Registration, Profiles & Content Restriction", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.8.4.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-04-03T13:05:56.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3137a85e-82e3-4111-ae60-1bcf1abd0c0b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3494602/pie-register"}], "descriptions": [{"lang": "en", "value": "The Pie Register \u2013 User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main() function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attackers to change registration form status."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:45:02.699Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3571", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:45:02.699Z", "dateReserved": "2026-03-04T21:06:23.152Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-04-04T01:24:06.082Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Pie Register \u2013 User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main() function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attackers to change registration form status."}], "id": "CVE-2026-3571", "lastModified": "2026-04-24T18:13:28.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2026-04-04T02:15:59.310", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3494602/pie-register"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3137a85e-82e3-4111-ae60-1bcf1abd0c0b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.8.4.8]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Pie Register \u2013 User Registration, Profiles & Content Restriction", "source": "cna", "vendor": "genetechproducts"}, "product": "pie_register_\u2013_user_registration,_profiles_&_content_restriction", "vendor": "genetechproducts"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-04T04:50:28.680297+00:00", "value": {"mitigation_remediation": ["Update the Pie Register plugin to the latest version that includes the fix (at least 3.8.4.9).", "Verify the update by ensuring that unauthenticated requests can no longer modify the registration form status.", "If the update cannot be applied immediately, restrict unauthenticated access to the pie_main endpoint using a firewall rule or a WordPress security plugin to block unauthorized POST requests.", "Continuously monitor the site for any unauthorized changes to registration form settings and review audit logs for anomalous activity."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "WordPress sites that use the Genetechproducts Pie Register \u2013 User Registration, Profiles & Content Restriction plugin. Vulnerable versions are all releases up to and including 3.8.4.8; any installation on a WordPress site running those versions is affected.", "description_and_impact": "The Pie Register plugin for WordPress lacks a capability check in the pie_main() function in all releases up to 3.8.4.8. This flaw permits any unauthenticated user to submit requests that alter the registration form status, effectively changing how new users register on the site. The unauthorized modification represents a data integrity issue and a privilege escalation vector, allowing attackers to enable or disable registration forms without permission. The identified weakness corresponds to CWE\u2011862, Unauthorized Access \u2013 Privilege Escalation.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a medium\u2011to\u2011high severity vulnerability. Although no EPSS score is provided and the issue is not listed in CISA\u2019s KEV catalog, the lack of authentication makes it theoretically exploitable by any external actor reaching the plugin\u2019s endpoints. The likely attack path involves sending crafted requests to the registration form status endpoint, which the plugin processes without verifying user capabilities."}}}}, "created": "2026-04-06T20:27:46.904269+00:00", "updated": "2026-04-06T22:21:06.053378+00:00", "vendors": ["genetechproducts", "genetechproducts$PRODUCT$pie_register_\u2013_user_registration,_profiles_&_content_restriction", "wordpress", "wordpress$PRODUCT$wordpress"]}