4 matches found
CVE-2019-20173
CVE-2019-20173 pertains to the WordPress Auth0 wp-auth0 plugin (versions 3.11.x up to before 3.11.3). The issue is a cross-site scripting (XSS) vulnerability triggered through a wle parameter processed in wp-login.php, allowing unauthenticated or user-interaction-requiring execution of script in ...
CVE-2020-7947
The CVE-2020-7947 issue affects the WordPress plugin Login by Auth0 prior to 4.0.0. The vulnerability stems from data fields being populated from multiple sources without sanitization or input validation before exporting user data, enabling CSV injection via a crafted Excel document. Public refer...
CVE-2020-6753
CVE-2020-6753 concerns the Login by Auth0 plugin for WordPress, affecting versions before 4.0.0. The vulnerability is a stored XSS on multiple pages, including the settings page, with the issue described as distinct from CVE-2020-5392. The connected documents corroborate the core detail: a stored...
CVE-2020-7948
The CVE-2020-7948 entry describes an insecure direct object reference in the WordPress Login by Auth0 plugin prior to version 4.0.0. Affected component: the WordPress plugin, specifically the authentication/login handling. Root cause: insecure direct object reference (no details provided). Impact...