The UserPro plugin prior to 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote malicious users to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
userproplugin userpro |