27 matches found
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field...
Cross site scripting
A stored cross-site scripting XSS vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page...
CVE-2020-5391
The CVE-2020-5391 entry concerns the WordPress Auth0 plugin (pre-4.0.0). The vulnerability is a Cross-site Request Forgery (CSRF) via the domain field, with root cause described as failing to properly validate user input. Affected software: Auth0 WordPress plugin versions before 4.0.0. Impact: co...
CVE-2020-5392
CVE-2020-5392 concerns the WordPress Auth0 plugin prior to version 4.0.0, where a stored cross-site scripting (XSS) vulnerability is exploitable via the plugin’s settings page. The issue is documented across multiple feeds (NVD, Red Hat, OSV, CNVD, CNVD, Nessus), all describing a stored XSS vecto...
CVE-2019-20173
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php...
CVE-2019-20173
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php...
Design/Logic Flaw
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php...