Lucene search
K
Auth0Login By Auth0

4 matches found

cve
cve
added 2020/02/05 7:50 p.m.93 views

CVE-2019-20173

CVE-2019-20173 pertains to the WordPress Auth0 wp-auth0 plugin (versions 3.11.x up to before 3.11.3). The issue is a cross-site scripting (XSS) vulnerability triggered through a wle parameter processed in wp-login.php, allowing unauthenticated or user-interaction-requiring execution of script in ...

6.1CVSS5.9AI score0.02462EPSS
Web
cve
cve
added 2020/04/01 12:51 p.m.85 views

CVE-2020-7947

The CVE-2020-7947 issue affects the WordPress plugin Login by Auth0 prior to 4.0.0. The vulnerability stems from data fields being populated from multiple sources without sanitization or input validation before exporting user data, enabling CSV injection via a crafted Excel document. Public refer...

9.8CVSS9.3AI score0.02842EPSS
cve
cve
added 2020/04/01 12:49 p.m.76 views

CVE-2020-6753

CVE-2020-6753 concerns the Login by Auth0 plugin for WordPress, affecting versions before 4.0.0. The vulnerability is a stored XSS on multiple pages, including the settings page, with the issue described as distinct from CVE-2020-5392. The connected documents corroborate the core detail: a stored...

6.1CVSS7.3AI score0.01318EPSS
cve
cve
added 2020/04/01 12:53 p.m.73 views

CVE-2020-7948

The CVE-2020-7948 entry describes an insecure direct object reference in the WordPress Login by Auth0 plugin prior to version 4.0.0. Affected component: the WordPress plugin, specifically the authentication/login handling. Root cause: insecure direct object reference (no details provided). Impact...

8.8CVSS9.1AI score0.02191EPSS