Lucene search
Colette Chamberland, Iain HadgraftWPVDB-ID:6D5DA73E-30C2-4100-BCEB-634F9C95A30AHistoryNov 10, 2017 - 12:00 a.m.
UserPro <= 4.9.17 - Authentication Bypass
2017-11-1000:00:00
Colette Chamberland, Iain Hadgraft
wpscan.com
8
0.785 High
EPSS
Percentile
98.3%
The userpro plugin has the ability to bypass login authentication for the user ‘admin’. If the site does not use the standard username ‘admin’ it is not affected.
PoC
1 - Google Dork inurl:/plugins/userpro 2 - Browse to a site that has the userpro plugin installed. 3 - Append ?up_auto_log=true to the target: http://www.targetsite.com/?up_auto_log=true 4 - If the site has a default ‘admin’ user you will now see the wp menu at the top of the site. You are now logged in will full administrator access.
Related
wpexploit
wpexploit
UserPro <= 4.9.17 - Authentication Bypass
2017-11-10 00:00:00
cve
cve
CVE-2017-16562
2017-11-10 02:29:18
nessus
nessus
nvd
nvd
CVE-2017-16562
2017-11-10 02:29:18
cvelist
cvelist
CVE-2017-16562
2017-11-09 19:00:00
canvas
canvas
Immunity Canvas: WPUSERPRO_RCE
2017-11-10 02:29:00
checkpoint_advisories
checkpoint_advisories
WordPress Userpro Plugin Authentication Bypass (CVE-2017-16562)
2017-11-12 00:00:00
openvas
openvas
WordPress UserPro Plugin < 4.9.17.1 Authentication Bypass Vulnerability
2017-11-21 00:00:00
prion
prion
Authentication flaw
2017-11-10 02:29:00