Lucene search
+L

12 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:52 p.m.9 views

CVE-2020-7948

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference...

8.8CVSS6.9AI score0.02191EPSS
Exploits0References1
CVE
CVE
added 2024/07/10 7:36 a.m.70 views

CVE-2023-6813

CVE-2023-6813 affects the Login by Auth0 plugin for WordPress. All versions up to 4.6.0 are vulnerable to Reflected XSS via the wle parameter due to insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts in pages executed after user actions (e.g....

6.1CVSS6.2AI score0.00359EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/07/10 12:0 a.m.12 views

WordPress Login by Auth0 Plugin <= 4.6.0 is vulnerable to Cross Site Scripting (XSS)

Software Login by Auth0 Type Plugin Vulnerable versions = 4.6.0 Fixed in 4.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6813 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 700ddc0d68f5 Credits Krzysztof Zając...

6.1CVSS5.6AI score0.00359EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/04/01 1:15 p.m.25 views

CVE-2020-7947

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data...

9.8CVSS9.4AI score0.02842EPSS
Exploits0References4
NVD
NVD
added 2020/04/01 1:15 p.m.22 views

CVE-2020-7948

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference...

8.8CVSS8.7AI score0.02191EPSS
Exploits0References4
OSV
OSV
added 2020/04/01 1:15 p.m.19 views

CVE-2020-7948

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference...

8.8CVSS9.4AI score
Exploits0References4
OSV
OSV
added 2020/04/01 1:15 p.m.13 views

CVE-2020-6753

The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392...

6.1CVSS9.2AI score0.02842EPSS
Exploits0References3
OSV
OSV
added 2020/04/01 1:15 p.m.20 views

CVE-2020-7947

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data...

9.8CVSS9.4AI score
Exploits0References4
Prion
Prion
added 2020/04/01 1:15 p.m.17 views

Input validation

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data...

7.5CVSS9.3AI score0.02842EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2020/04/01 12:53 p.m.74 views

CVE-2020-7948

The CVE-2020-7948 entry describes an insecure direct object reference in the WordPress Login by Auth0 plugin prior to version 4.0.0. Affected component: the WordPress plugin, specifically the authentication/login handling. Root cause: insecure direct object reference (no details provided). Impact...

8.8CVSS9.1AI score0.02191EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2020/04/01 12:51 p.m.85 views

CVE-2020-7947

The CVE-2020-7947 issue affects the WordPress plugin Login by Auth0 prior to 4.0.0. The vulnerability stems from data fields being populated from multiple sources without sanitization or input validation before exporting user data, enabling CSV injection via a crafted Excel document. Public refer...

9.8CVSS9.3AI score0.02842EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2020/04/01 12:49 p.m.76 views

CVE-2020-6753

CVE-2020-6753 concerns the Login by Auth0 plugin for WordPress, affecting versions before 4.0.0. The vulnerability is a stored XSS on multiple pages, including the settings page, with the issue described as distinct from CVE-2020-5392. The connected documents corroborate the core detail: a stored...

6.1CVSS7.3AI score0.01318EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder