331 matches found
CVE-2017-16562
The CVE-2017-16562 entry concerns the WordPress UserPro Plugin prior to version 4.9.17.1. The vulnerability allows remote attackers, when the site uses the default admin username, to bypass authentication and obtain administrative access by sending a true value for the up_auto_log parameter in th...
CVE-2017-16562
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the upautolog parameter in the QUERYSTRING to the default URI...
WordPress UserPro 4.6.17 Authentication Bypass
Exploit Title: Userpro a WordPress Plugin a Authentication Bypass Google Dork: inurl:/plugins/userpro Date: 11.04.2017 Exploit Author: Colette Chamberland Wordfence, Iain Hadgraft Duke University Vendor Homepage: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?srank=9...
WordPress Userpro Plugin < 4.9.17.1 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Userpro – WordPress Plugin – Authentication Bypass Google Dork: inurl:/plugins/userpro Date: 11.04.2017 Exploit Author: Colette Chamberland Wordfence, Iain Hadgraft Duke University Vendor Homepage:...
WordPress Userpro plugin <= 4.9.17.1 - Authentication Bypass Vulnerability
It's possible to bypass login authentication for the administrator user. If you append ?upautolog=true to the url, you'll be logged-in as administrator with full access. Solution Update the plugin...
WordPress Plugin Userpro 4.9.17.1 - Authentication Bypass
WordPress Plugin Userpro 4.9.17.1 - Authentication Bypass Exploit Title: Userpro – WordPress Plugin – Authentication Bypass Google Dork: inurl:/plugins/userpro Date: 11.04.2017 Exploit Author: Colette Chamberland Wordfence, Iain Hadgraft Duke University Vendor Homepage:...
WordPress Plugin Userpro < 4.9.17.1 - Authentication Bypass
Exploit Title: Userpro – WordPress Plugin – Authentication Bypass Google Dork: inurl:/plugins/userpro Date: 11.04.2017 Exploit Author: Colette Chamberland Wordfence, Iain Hadgraft Duke University Vendor Homepage: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?srank=9...
Wordpress Userpro plugin file upload vulnerability
WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.UserPro is one of the full-featured user profile and community plugins. A file upload vulnerability exists in the...
WordPress Userpro Remote File Upload
Exploit Title : Wordpress Userpro Remote File Upload Exploit Author : Ashiyane Digital Security Team Vendor Homepage : http://userproplugin.com/ Google Dork : inurl:/wp-content/plugins/userpro/ Date : 10/20/2016 Tested on : Windows10/Linux This module requires Metasploit:...
WordPress plugin UserPro 'redirect_to' parameter cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.UserPro is one of the full-featured user profile and community plugins. A cross-site scripting vulnerability exists in...
WordPress UserPro 2.33 Cross Site Scripting
Exploit Title: WordPress Plugin: UserPro XSS Vulnerability Google Dork: inurl:wp-content/plugins/userpro/ Date: 27 May 2015 Exploit Author: FaisaL Ahmed rEd X Author Homepage: http://faisalahmed.me/ Vendor Homepage:http://userproplugin.com/userpro Software Link:...