27 matches found
Auth0 WordPress Plugin has Insufficient Entropy in Cookie Encryption
Impact: In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - It ...
CVE-2019-20173
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php...
EUVD-2020-28870
Malware in sbrugna...
EUVD-2020-26572
Malware in sbrugna...
EUVD-2020-28869
Malware in sbrugna...
EUVD-2019-10728
Malware in sbrugna...
EUVD-2020-26573
Malware in sbrugna...
EUVD-2020-27900
Malware in sbrugna...
EUVD-2025-16944
Malicious code in bioql PyPI...
CVE-2020-7947
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data...
CVE-2020-6753
The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392...
CVE-2020-5392
A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page...
CVE-2020-5391
Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field...
PT-2025-21936
🚨 CVE-2025-190800 in Auth0 WordPress plugin allows brute force attacks on session cookies, risking unauthorized access. Update to version 5.3.0 or later and consider rotating cookie encryption keys.🔧 Read more: https://t.co/aLcSs7CcDK BruteForceAttack CyberSecurity Vulert https://t.co/3Z8lZDmI2j...
GHSA-52JW-F3JQ-HHWG Duplicate Advisory: Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-x6p7-44rh-m3rr. This link has been maintained to preserve external references. Original Description: The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wle’ parameter...
WordPress Login by Auth0 plugin <= 4.6.0 - Reflected Cross-Site Scripting via wle vulnerability
Reflected Cross-Site Scripting via wle vulnerability discovered by Krzysztof Zając in WordPress Plugin Login by Auth0 versions <= 4.6.0...
WordPress CSV Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An injection vulnerability exists in WordPress Auth0 prior to version 4.0.0, which results from the program no...