CVE-2026-3571 MEDIUM

CVE-2026-3571: Pie Register – User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification

Vendor Genetechproducts
Product Pie Register – User Registration, Profiles & Content Restriction
Weakness CWE-862 · Missing authorization
Published April 4, 2026
Last update April 8, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main() function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attackers to change registration form status.

Explanation of Vulnerability in Simple Terms

02Summary

Pie Register versions up to 3.8.4.8 lack proper authorization checks, allowing unauthenticated attackers to modify user data and disrupt site availability. The vulnerability requires no special access or user interaction. Site administrators should update immediately to a version newer than 3.8.4.8.

What an attacker can do

03Attacker Capabilities

Modify user registration data and cause service disruption without logging in.

Potential impact on your site

04Site Impact

User accounts and registration data can be altered or deleted by anyone on the internet.

Conditions required to exploit

05Prerequisites

Network access only; no authentication or user interaction required.

Key dates

06Disclosure timeline

April 4, 2026 CVE published
April 8, 2026 Record updated

Related vulnerabilities

08Related CVE