CRITICAL🇵🇱 Wersja polska

CVE-2017-16562

CVSS 9.8v3.0pub. 2017-11-10upd. 2026-05-13

The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Userproplugin Userpro

    APP
    Userproplugin
    < 4.9.17.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-35700CRITICAL9.8PL ✓ten sam produkt

Incorrect Privilege Assignment w wtyczce WordPress UserPro — przejęcie konta bez uwierzytelnienia

CVE-2023-2449CRITICAL9.8PL ✓ten sam produkt

Nieautoryzowany reset hasła w pluginie UserPro dla WordPress

CVE-2023-2437CRITICAL9.8PL ✓ten sam produkt

Pominięcie uwierzytelnienia w pluginie UserPro dla WordPress (logowanie Facebook)

CVE-2023-2440HIGH8.8ten sam produkt

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,...

CVE-2023-2497HIGH8.8ten sam produkt

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,...