Critical severity9.8NVD Advisory· Published Nov 10, 2017· Updated Jun 17, 2026
CVE-2017-16562
CVE-2017-16562
Description
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/43117/nvdExploitIssue TrackingThird Party AdvisoryVDB Entry
- wpvulndb.com/vulnerabilities/8950nvdIssue TrackingThird Party Advisory
- codecanyon.net/item/userpro-user-profiles-with-social-login/5958681nvdIssue Tracking
News mentions
0No linked articles in our index yet.