cvedb.io
CVE-2017-16562
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2017-11-10T02:29:18.730 · Last modified 2026-06-17T01:09:28.690

Summary

The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.

Affected products

userproplugin — userpro

Does this affect you?

Add your gear to cvedb and we'll alert you only when userproplugin ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.