WordPress · Pie Register · CVE-2013-4954
**Name of the Vulnerable Software and Affected Versions**
Pie-Register plugin versions prior to 1.31
**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via the `pass1` or `pass2` parameter in a register action, when "Allow New Registrations to set their own Password" is enabled.
**Recommendations**
For Pie-Register plugin versions prior to 1.31, update to version 1.31 or later to resolve the issue. As a temporary workaround until the update can be applied, consider disabling the "Allow New Registrations to set their own Password" feature. Restrict access to the register action to minimize the risk of exploitation. Avoid using the `pass1` and `pass2` parameters in the affected API endpoint until the issue is resolved.
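While the update is pending, registration requests can be screened for markup in the two affected parameters. The following is an added example, not code from the plugin or from this advisory. It assumes the register action is selected with `action=register` and that the form body is URL-encoded; the function name and sample requests are constructed for illustration.

```python
from urllib.parse import parse_qs

# Parameters named in the advisory.
WATCHED_PARAMS = ("pass1", "pass2")
# Characters that change the HTML context when a value is echoed unescaped.
MARKUP_CHARS = set("<>\"'")


def flag_registration_request(query_string, body):
    """Return the watched parameters whose decoded value contains markup.

    Assumptions (not stated on the page): the register action is selected
    with action=register in the query string or the form body, and the body
    is application/x-www-form-urlencoded.
    """
    query = parse_qs(query_string, keep_blank_values=True)
    form = parse_qs(body, keep_blank_values=True)
    actions = query.get("action", []) + form.get("action", [])
    if "register" not in actions:
        return []
    flagged = []
    for name in WATCHED_PARAMS:
        # A parameter may be repeated or sent in both places; check every copy.
        values = query.get(name, []) + form.get(name, [])
        if any(MARKUP_CHARS & set(value) for value in values):
            flagged.append(name)
    return flagged


# Constructed sample requests (query string, body); not captured traffic.
SAMPLES = [
    ("action=register", "user_login=alice&pass1=Tr0ub4dor%263&pass2=Tr0ub4dor%263"),
    ("action=register", "user_login=bob&pass1=x%22%3E%3Cb%3Et%3C%2Fb%3E&pass2=x"),
    ("action=login", "log=carol&pass1=%3Ci%3E"),
]

if __name__ == "__main__":
    for qs, body in SAMPLES:
        print(qs, flag_registration_request(qs, body))
```

Legitimate passwords can contain these characters, so a hit is a signal for review rather than proof of an injection attempt. The screen does not replace updating to 1.31 or later.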