3 matches found
CVE-2020-5392
CVE-2020-5392 concerns the WordPress Auth0 plugin prior to version 4.0.0, where a stored cross-site scripting (XSS) vulnerability is exploitable via the plugin’s settings page. The issue is documented across multiple feeds (NVD, Red Hat, OSV, CNVD, CNVD, Nessus), all describing a stored XSS vecto...
CVE-2020-5391
The CVE-2020-5391 entry concerns the WordPress Auth0 plugin (pre-4.0.0). The vulnerability is a Cross-site Request Forgery (CSRF) via the domain field, with root cause described as failing to properly validate user input. Affected software: Auth0 WordPress plugin versions before 4.0.0. Impact: co...
CVE-2025-68129
CVSS and description : CVE-2025-68129 relates to improper audience validation in Auth0-PHP, potentially allowing ID tokens to be accepted as access tokens. The issue affects Auth0-PHP versions 8.0.0 through 8.17.0, and applications using dependent SDKs that rely on those Auth0-PHP versions: Symfo...