Cyber Resilience

CVE-2023-0552

Severity: Medium · Public PoC

Published: 27 February 2023
Modified: 18 March 2025
KEV Added: (not listed)
Patch: (not recorded)
CVSS Score v3.1: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
EPSS Score: 0.1638 (95.0th percentile)
Risk Priority: 21 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-0552 is a medium-severity vulnerability of unspecified weakness type (no CWE listed) in Genetechsolutions Pie Register. Its CVSS base score is 5.4 (Medium).

Operationally, it ranks in the top 5.0% of CVEs by exploit likelihood (EPSS 0.1638); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

The Registration Forms WordPress plugin before version 3.8.2.3 contains an open redirect vulnerability stemming from insufficient validation of redirection URLs during login and logout operations. The affected component is the plugin's authentication flow, which accepts untrusted redirect parameters without proper sanitization or allow-list checks.

An attacker with low-privileged access can supply a crafted redirect URL that is followed when a user completes login or logout. Successful exploitation sends the victim to an arbitrary external site; the CVSS 5.4 rating reflects low confidentiality and integrity impact, a changed scope (the victim's browser is sent outside the vulnerable application), and the need for user interaction.

The referenced WPScan advisory identifies the issue in the plugin prior to 3.8.2.3 and indicates that updating to a fixed release addresses the improper redirect handling. The associated EPSS score has remained flat at 0.1638 with no material increase observed after disclosure.
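The allow-list check that the analysis above describes as missing, written out as an added example in plain PHP. This is not code from the Pie Register plugin; the host list and the sample targets are constructed for the demonstration. The weak pattern is a redirect that uses the request value unchecked (for example `header('Location: ' . $_GET['redirect_to'])`); the function below is what replaces it. Inside WordPress the equivalent is `wp_safe_redirect()`, which passes the target through `wp_validate_redirect()` against the site's own host plus any hosts added via the `allowed_redirect_hosts` filter.

```php
<?php
// Added example, not code from the Pie Register plugin.
// Validates a user-supplied post-login/logout redirect target against an
// explicit host allow-list and returns a fixed default for anything else.
function safe_redirect_target(string $requested, array $allowed_hosts, string $default = '/'): string
{
    $requested = trim($requested);
    if ($requested === '') {
        return $default;
    }

    // Reject ASCII control characters: they can split the Location header,
    // and browsers strip some of them when parsing schemes ("java\tscript:").
    if (preg_match('/[\x00-\x1f\x7f]/', $requested)) {
        return $default;
    }

    // "//host" and "/\host" are protocol-relative in every browser, and a
    // leading backslash is normalised to "/" by browsers, so neither is a
    // site-local path even though it looks like one.
    if (preg_match('#^[\\\\/][\\\\/]#', $requested) || $requested[0] === '\\') {
        return $default;
    }

    // A plain site-relative path ("/wp-admin/") stays on this site.
    if ($requested[0] === '/') {
        return $requested;
    }

    // Everything else must be an absolute http(s) URL whose host is allowed.
    $parts = parse_url($requested);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return $default;   // bare "evil.example", "javascript:...", "data:..."
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return $default;
    }
    $host = strtolower($parts['host']);
    $allowed = array_map('strtolower', $allowed_hosts);
    if (!in_array($host, $allowed, true)) {
        return $default;   // also catches "https://example.com@evil.example/"
    }
    return $requested;
}

// Constructed inputs for a site whose only legitimate redirect host is
// "example.com"; run with `php this_file.php` to see each decision.
$allowed = ['example.com'];
$samples = [
    '/wp-admin/',
    '//evil.example/',
    '/\\evil.example/',
    'https://example.com/my-account/',
    'https://EXAMPLE.com/my-account/',
    'https://example.com@evil.example/',
    'https://example.com.evil.example/',
    'javascript:alert(1)',
    'https://evil.example/',
];
foreach ($samples as $s) {
    printf("%-40s -> %s\n", $s, safe_redirect_target($s, $allowed));
}
```

The host comparison is a deliberate exact match after lowercasing: prefix or substring checks ("starts with example.com") are the usual way such validators are bypassed, and the userinfo and subdomain samples in the list exist to show that the exact match rejects both.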

Vulnerability details

The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability.

CWE(s)
None listed

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: genetechsolutions
Product: pie register
Versions: ≤ 3.8.2.3

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
