CVE-2021-24239

Name of the Vulnerable Software and Affected Versions The Pie Register – User Registration Forms plugin versions prior to 3.7.0.1

Description The issue is related to a reflected Cross-Site Scripting problem. It occurs because the invitaion code GET parameter is not properly sanitized when it is outputted on the Activation Code page.

Recommendations For versions prior to 3.7.0.1, update to version 3.7.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Activation Code page to minimize the risk of exploitation. Avoid using the invitaion code parameter in the affected page until the issue is resolved.