.. / CVE-2021-24647

Exploit for Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login (CVE-2021-24647)

Description:

The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username

Nuclei Template

View the template here CVE-2021-24647.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-24647.yaml

References:

https://github.com/RandomRobbieBF/CVE-2021-24647
https://wpscan.com/vulnerability/40d347b1-b86e-477d-b4c6-da105935ce37
https://nvd.nist.gov/vuln/detail/CVE-2021-24647

.. / CVE-2021-24647 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login (CVE-2021-24647)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-24647