Authentication Bypass Vulnerability in UserPro Plugin for WordPress

Authentication Bypass Vulnerability in UserPro Plugin for WordPress

CVE-2017-16562 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.

Learn more about our Wordpress Pen Testing.