Description
WordPress Plugin UserPro-Community and User Profile is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently bypass the authentication mechanism and log in with full administrator access. WordPress Plugin UserPro-Community and User Profile version 4.9.17 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.9.17.1 or the latest version.
References
https://www.exploit-db.com/exploits/43117/
https://packetstormsecurity.com/files/144905/WordPress-UserPro-4.6.17-Authentication-Bypass.html
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681