UserPro <= 4.9.17 – Authentication Bypass | CVE 2017-16562 | Plugin Vulnerabilities

Description

The userpro plugin has the ability to bypass login authentication for the user
'admin'. If the site does not use the standard username 'admin' it is not affected.

Proof of Concept

1 - Google Dork inurl:/plugins/userpro

2 - Browse to a site that has the userpro plugin installed.

3 - Append ?up_auto_log=true to the target: http://www.targetsite.com/?up_auto_log=true

4 - If the site has a default 'admin' user you will now see the wp menu at the top of the site. You are now logged in will full administrator access.

Affects Plugins

Fixed in 4.9.17.1

References

CVE

Exploitdb

URL

https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?s_rank=9

Classification

Type

AUTHBYPASS

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Submitter

Colette Chamberland, Iain Hadgraft

Submitter twitter

Verified

No

WPVDB ID

6d5da73e-30c2-4100-bceb-634f9c95a30a

Timeline

Publicly Published

2017-11-10 (about 8 years ago)

Added

2017-11-12 (about 8 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2014-08-01

Title

LayerSlider 4.6.1 - Remote Path Traversal File Access

Published

2025-02-26

Title

Login Me Now < 1.7.3 - Authentication Bypass

Published

2024-11-05

Title

Social Share, Social Login and Social Comments Plugin – Super Socializer < 7.14 - Authentication Bypass

Published

2025-02-12

Title

WP Directorybox Manager <= 2.5 - Authentication Bypass

Published

2025-09-19

Title

SupportCandy < 3.3.8 - Authentication Bypass to Support Session Takeover