CVE-2017-16562

Name of the Vulnerable Software and Affected Versions UserPro plugin for WordPress versions prior to 4.9.17.1

Description The issue allows remote attackers to bypass authentication and obtain administrative access. This can be achieved by setting the up auto log parameter in the QUERY STRING to 'true' when accessing the default URI.

Recommendations For versions prior to 4.9.17.1, update to version 4.9.17.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the default URI or disabling the up auto log parameter to minimize the risk of exploitation.