mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
869 B
869 B
CVE-2017-16562
Description
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.
POC
Reference
- https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?s_rank=9
- https://wpvulndb.com/vulnerabilities/8950
- https://www.exploit-db.com/exploits/43117/