Cyber Resilience

CVE-2025-34077

CriticalPublic PoCRCE

Published: 09 July 2025

Published
09 July 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 10.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.7624 99.0th percentile
Risk Priority 66 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-34077 is a critical-severity Code Injection (CWE-94) vulnerability in Pieregister (inferred from references). Its CVSS base score is 10.0 (Critical).

Operationally, ranked in the top 1.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

An authentication bypass vulnerability affects the WordPress Pie Register plugin up to version 3.7.1.4. The flaw resides in the login handling logic and permits unauthenticated attackers to submit a specially crafted POST request containing social_site=true and a manipulated user_id_social_site parameter. Successful exploitation issues a valid WordPress session cookie for any chosen user identifier, including administrator accounts. The associated CVSS 4.0 score of 10.0 reflects the absence of required authentication, privileges, or user interaction together with full impact on confidentiality, integrity, and availability.

Once authenticated, an attacker can leverage the plugin’s upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server. The attack can therefore be carried out by any remote, unauthenticated party and yields complete control over the WordPress site and host. Public references include a Metasploit module that implements the bypass and subsequent RCE chain, confirming that working exploit code is readily available.

The current EPSS score of 0.7624, with a recorded peak of 0.7728, indicates sustained and substantial exploitation interest following disclosure. No specific patch version or mitigation guidance is supplied in the available references.

EU & UK References

Vulnerability details

An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an…

more

attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Pieregister
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-434 CWE-94

Dangerous file uploads can be detonated in the chamber to determine malice before any production write or execution occurs.

addresses: CWE-306

Requires established identification and authentication to unlock, mitigating missing authentication for continued system access.

addresses: CWE-306

Requiring identification and rationale for actions allowed without authentication ensures critical functions are not left unprotected by forcing review of authentication requirements.

addresses: CWE-306

Authorizing mobile device connections to organizational systems ensures authentication is performed for this critical access function.

addresses: CWE-306

Guarantees critical functions are protected by mandatory invocation of the access control mechanism.

addresses: CWE-306

Auditing sessions makes it possible to detect access to critical functions without required authentication.

addresses: CWE-306

The assessment process confirms authentication is present and effective for critical functions, preventing exploitation from missing authentication.

addresses: CWE-306

Certification assesses that critical functions have required authentication controls in place.

References