← back
CVE-2017-16562

CVE-2017-16562

EPSS 27.4%
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/43117/unverifiedexploitdbwww.exploit-db.com/exploits/43117unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?s_rank=9https://wpvulndb.com/vulnerabilities/8950https://www.exploit-db.com/exploits/43117/