WordPress · UserPro · CVE-2017-16562
**Name of the Vulnerable Software and Affected Versions**
UserPro plugin for WordPress versions prior to 4.9.17.1
**Description**
The issue allows remote attackers to bypass authentication and obtain administrative access. This can be achieved by setting the `up_auto_log` parameter in the query string to `true` when accessing the default URI.
**Recommendations**
For versions prior to 4.9.17.1, update to version 4.9.17.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the default URI or disabling the `up_auto_log` parameter to minimize the risk of exploitation.
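**Detection example**
The following is an added example, not part of the original advisory or the plugin's code: a log check that flags requests whose query string sets `up_auto_log` to `true`. It assumes web server access logs in Combined Log Format; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def sets_auto_log(target):
    """True if the request target's query string sets up_auto_log to 'true'."""
    # parse_qsl percent-decodes names and values, so an encoded form of the
    # same parameter is matched as well. Case-folding is a deliberate
    # over-match (assumption: a false positive is cheaper than a miss).
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name.lower() == "up_auto_log" and value.strip().lower() == "true":
            return True
    return False

def find_hits(lines):
    """Return (ip, time, status, target) for every matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and sets_auto_log(m["target"]):
            hits.append((m["ip"], m["time"], m["status"], m["target"]))
    return hits

def hits_by_ip(lines):
    """Count matching requests per client address."""
    return Counter(ip for ip, _, _, _ in find_hits(lines))

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Nov/2017:06:12:01 +0000] "GET /?up_auto_log=true HTTP/1.1" 302 0 "-" "curl/7.55"',
    '198.51.100.4 - - [10/Nov/2017:06:12:09 +0000] "GET /wp-login.php HTTP/1.1" 200 2541 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Nov/2017:06:13:40 +0000] "GET /?page=2&up%5Fauto%5Flog=TRUE HTTP/1.1" 200 512 "-" "curl/7.55"',
    '192.0.2.15 - - [10/Nov/2017:06:14:02 +0000] "GET /?s=up_auto_log HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '192.0.2.15 - - [10/Nov/2017:06:15:00 +0000] "GET /?up_auto_log=false HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, when, status, target in find_hits(SAMPLE_LOG):
        print(f"{when}  {ip}  status={status}  {target}")
```

A match records an attempt only; whether it succeeded depends on whether the installed UserPro version is earlier than 4.9.17.1.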