The Pie Register plugin for WordPress suffers from a missing capability check in the pie_main() function across all versions up to 3.8.4.8. This authorization bypass (CWE-862) enables unauthenticated attackers to alter the status of registration forms, potentially disrupting user registration workflows. The vulnerability has a CVSS 3.1 base score of 6.5, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality impact, but partial integrity and availability impacts.

An attacker without authentication can modify the registration form status, which may lead to disruption of user registration processes or unauthorized changes to form behavior. There is no direct confidentiality impact. The integrity and availability of the registration functionality are affected, potentially causing denial or manipulation of user registrations.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, consider restricting access to the affected plugin's endpoints through web application firewall rules or other access controls to prevent unauthenticated modification attempts.