[+]Title: Wordpress Pie Register Plugin 2.0.14 - XSS Vulnerability [+]Author: TUNISIAN CYBER [+]Date: 09/03/2015 [+]Type:WebApp [+]Risk:High [+]Affected Version:All [+]Overview: Pie Register 2.x suffers, from an XSS vulnerability. [+]Proof Of Concept: [PHP] global $piereg_dir_path; include_once( PIEREG_DIR_NAME."/classes/invitation_code_pagination.php"); if(isset($_POST['notice']) && $_POST['notice'] ){ echo '

' . $_POST['notice'] . '.

'; }elseif(isset($_POST['error']) && $_POST['error'] ){ echo '

' . $_POST['error'] . '.

'; } [PHP] Exploit Code: [HTML]

Wordpress Pie Register Plugin 2.0.14 - XSS Vulnerability

[HTML] http://i.imgur.com/L5KXmKI.png