12 matches found
CVE-2020-7948
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference...
CVE-2023-6813
CVE-2023-6813 affects the Login by Auth0 plugin for WordPress. All versions up to 4.6.0 are vulnerable to Reflected XSS via the wle parameter due to insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts in pages executed after user actions (e.g....
WordPress Login by Auth0 Plugin <= 4.6.0 is vulnerable to Cross Site Scripting (XSS)
Software Login by Auth0 Type Plugin Vulnerable versions = 4.6.0 Fixed in 4.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6813 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 700ddc0d68f5 Credits Krzysztof Zając...
CVE-2020-7947
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data...
CVE-2020-7948
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference...
CVE-2020-7948
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference...
CVE-2020-6753
The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392...
CVE-2020-7947
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data...
Input validation
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data...
CVE-2020-7948
The CVE-2020-7948 entry describes an insecure direct object reference in the WordPress Login by Auth0 plugin prior to version 4.0.0. Affected component: the WordPress plugin, specifically the authentication/login handling. Root cause: insecure direct object reference (no details provided). Impact...
CVE-2020-7947
The CVE-2020-7947 issue affects the WordPress plugin Login by Auth0 prior to 4.0.0. The vulnerability stems from data fields being populated from multiple sources without sanitization or input validation before exporting user data, enabling CSV injection via a crafted Excel document. Public refer...
CVE-2020-6753
CVE-2020-6753 concerns the Login by Auth0 plugin for WordPress, affecting versions before 4.0.0. The vulnerability is a stored XSS on multiple pages, including the settings page, with the issue described as distinct from CVE-2020-5392. The connected documents corroborate the core detail: a stored...