Description
WordPress Plugin UserPro-Community and User Profile is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions, subsequently bypass the authentication mechanism, and log in with full administrator access. WordPress Plugin UserPro-Community and User Profile version 4.9.17 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 4.9.17.1 or the latest version.
References
https://www.exploit-db.com/exploits/43117/
https://packetstormsecurity.com/files/144905/WordPress-UserPro-4.6.17-Authentication-Bypass.html
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681