Search criteria
12 vulnerabilities found for login_by_auth0 by auth0
FKIE_CVE-2020-7948
Vulnerability from fkie_nvd - Published: 2020-04-01 13:15 - Updated: 2024-11-21 05:38
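Severity: HIGH (CVSS 3.1 base score 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; CVSS 2.0 base score 6.5, MEDIUM; source nvd@nist.gov)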
Summary
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://auth0.com/docs/cms/wordpress | Product, Vendor Advisory | |
| cve@mitre.org | https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0 | Vendor Advisory | |
| cve@mitre.org | https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v | Third Party Advisory | |
| cve@mitre.org | https://wordpress.org/plugins/auth0/#developers | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://auth0.com/docs/cms/wordpress | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/auth0/#developers | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| auth0 | login_by_auth0 | * (versions before 4.0.0) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:auth0:login_by_auth0:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "AEF5427B-E416-4F67-8D3D-FE113B53E030",
"versionEndExcluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el plugin Login by Auth0 versiones anteriores a 4.0.0 para WordPress. Un usuario puede llevar a cabo una referencia a objeto directa no segura."
}
],
"id": "CVE-2020-7948",
"lastModified": "2024-11-21T05:38:04.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-01T13:15:15.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-6753
Vulnerability from fkie_nvd - Published: 2020-04-01 13:15 - Updated: 2024-11-21 05:36
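Severity: MEDIUM (CVSS 3.1 base score 6.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS 2.0 base score 4.3, MEDIUM; source nvd@nist.gov)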
Summary
The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0 | Third Party Advisory | |
| cve@mitre.org | https://github.com/auth0/wp-auth0/releases | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/auth0/wp-auth0/releases | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| auth0 | login_by_auth0 | * (versions before 4.0.0) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:auth0:login_by_auth0:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "AEF5427B-E416-4F67-8D3D-FE113B53E030",
"versionEndExcluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392."
},
{
"lang": "es",
"value": "El plugin Login by Auth0 versiones anteriores a 4.0.0 para WordPress, permite un ataque de tipo XSS almacenado en m\u00faltiples p\u00e1ginas, un problema diferente de CVE-2020-5392."
}
],
"id": "CVE-2020-6753",
"lastModified": "2024-11-21T05:36:07.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-01T13:15:15.257",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/auth0/wp-auth0/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/auth0/wp-auth0/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-7947
Vulnerability from fkie_nvd - Published: 2020-04-01 13:15 - Updated: 2024-11-21 05:38
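Severity: CRITICAL (CVSS 3.1 base score 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; CVSS 2.0 base score 7.5, HIGH; source nvd@nist.gov)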
Summary
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://auth0.com/docs/cms/wordpress | Product, Vendor Advisory | |
| cve@mitre.org | https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0 | Third Party Advisory | |
| cve@mitre.org | https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v | Third Party Advisory | |
| cve@mitre.org | https://wordpress.org/plugins/auth0/#developers | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://auth0.com/docs/cms/wordpress | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/auth0/#developers | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| auth0 | login_by_auth0 | * (versions before 4.0.0) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:auth0:login_by_auth0:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "AEF5427B-E416-4F67-8D3D-FE113B53E030",
"versionEndExcluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn\u0027t sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el plugin Login by Auth0 versiones anteriores a 4.0.0 para WordPress. Presenta numerosos campos que pueden contener datos que son extra\u00eddos de diferentes fuentes. Un problema con esto es que los datos no son saneados y no se realiza ninguna comprobaci\u00f3n de entrada, antes de la exportaci\u00f3n de los datos del usuario. Esto puede conllevar a (al menos) una inyecci\u00f3n de CSV si un documento Excel dise\u00f1ado es cargado."
}
],
"id": "CVE-2020-7947",
"lastModified": "2024-11-21T05:38:03.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-01T13:15:15.320",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-20173
Vulnerability from fkie_nvd - Published: 2020-02-05 20:15 - Updated: 2024-11-21 04:38
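Severity: MEDIUM (CVSS 3.1 base score 6.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS 2.0 base score 4.3, MEDIUM; source nvd@nist.gov)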
Summary
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://auth0.com/docs/security/bulletins/cve-2019-20173 | Vendor Advisory | |
| cve@mitre.org | https://github.com/auth0/wp-auth0/releases/tag/3.11.3 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://wpvulndb.com/vulnerabilities/10059 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://auth0.com/docs/security/bulletins/cve-2019-20173 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/auth0/wp-auth0/releases/tag/3.11.3 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpvulndb.com/vulnerabilities/10059 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| auth0 | login_by_auth0 | * (3.11.0 up to, but not including, 3.11.3) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:auth0:login_by_auth0:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "82A96A61-817B-4D8A-B7AE-E57D69710AA1",
"versionEndExcluding": "3.11.3",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php."
},
{
"lang": "es",
"value": "El plugin Auth0 wp-auth0 versiones 3.11.x anteriores a 3.11.3 para WordPress, permite un ataque de tipo XSS por medio de un par\u00e1metro wle asociado con el archivo wp-login.php."
}
],
"id": "CVE-2019-20173",
"lastModified": "2024-11-21T04:38:09.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T20:15:11.030",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://auth0.com/docs/security/bulletins/cve-2019-20173"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/auth0/wp-auth0/releases/tag/3.11.3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/10059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://auth0.com/docs/security/bulletins/cve-2019-20173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/auth0/wp-auth0/releases/tag/3.11.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/10059"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-7948 (GCVE-0-2020-7948)
Vulnerability from cvelistv5 – Published: 2020-04-01 12:53 – Updated: 2024-08-04 09:48
Summary
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
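| URL | Tags |
|---|---|
| https://wordpress.org/plugins/auth0/#developers | x_refsource_MISC |
| https://auth0.com/docs/cms/wordpress | x_refsource_MISC |
| https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0 | x_refsource_CONFIRM |
| https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v | x_refsource_CONFIRM |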
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T12:53:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/auth0/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"name": "https://auth0.com/docs/cms/wordpress",
"refsource": "MISC",
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"name": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0",
"refsource": "CONFIRM",
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"name": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7948",
"datePublished": "2020-04-01T12:53:18",
"dateReserved": "2020-01-24T00:00:00",
"dateUpdated": "2024-08-04T09:48:24.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7947 (GCVE-0-2020-7947)
Vulnerability from cvelistv5 – Published: 2020-04-01 12:51 – Updated: 2024-08-04 09:48
Summary
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
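| URL | Tags |
|---|---|
| https://wordpress.org/plugins/auth0/#developers | x_refsource_MISC |
| https://auth0.com/docs/cms/wordpress | x_refsource_MISC |
| https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0 | x_refsource_CONFIRM |
| https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v | x_refsource_CONFIRM |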
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn\u0027t sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T12:51:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn\u0027t sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/auth0/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"name": "https://auth0.com/docs/cms/wordpress",
"refsource": "MISC",
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"name": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0",
"refsource": "CONFIRM",
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"name": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7947",
"datePublished": "2020-04-01T12:51:59",
"dateReserved": "2020-01-24T00:00:00",
"dateUpdated": "2024-08-04T09:48:24.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6753 (GCVE-0-2020-6753)
Vulnerability from cvelistv5 – Published: 2020-04-01 12:49 – Updated: 2024-08-04 09:11
Summary
The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
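| URL | Tags |
|---|---|
| https://github.com/auth0/wp-auth0/releases | x_refsource_MISC |
| https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0 | x_refsource_CONFIRM |
| https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v | x_refsource_CONFIRM |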
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:04.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/wp-auth0/releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T12:49:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/wp-auth0/releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-6753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/wp-auth0/releases",
"refsource": "MISC",
"url": "https://github.com/auth0/wp-auth0/releases"
},
{
"name": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0",
"refsource": "CONFIRM",
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"name": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-6753",
"datePublished": "2020-04-01T12:49:25",
"dateReserved": "2020-01-09T00:00:00",
"dateUpdated": "2024-08-04T09:11:04.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20173 (GCVE-0-2019-20173)
Vulnerability from cvelistv5 – Published: 2020-02-05 19:50 – Updated: 2024-08-05 02:39
Summary
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
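| URL | Tags |
|---|---|
| https://github.com/auth0/wp-auth0/releases/tag/3.11.3 | x_refsource_CONFIRM |
| https://auth0.com/docs/security/bulletins/cve-2019-20173 | x_refsource_CONFIRM |
| https://wpvulndb.com/vulnerabilities/10059 | x_refsource_MISC |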
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/wp-auth0/releases/tag/3.11.3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://auth0.com/docs/security/bulletins/cve-2019-20173"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/10059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T23:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/wp-auth0/releases/tag/3.11.3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://auth0.com/docs/security/bulletins/cve-2019-20173"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/10059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/wp-auth0/releases/tag/3.11.3",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/wp-auth0/releases/tag/3.11.3"
},
{
"name": "https://auth0.com/docs/security/bulletins/cve-2019-20173",
"refsource": "CONFIRM",
"url": "https://auth0.com/docs/security/bulletins/cve-2019-20173"
},
{
"name": "https://wpvulndb.com/vulnerabilities/10059",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/10059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20173",
"datePublished": "2020-02-05T19:50:33",
"dateReserved": "2019-12-31T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7948 (GCVE-0-2020-7948)
Vulnerability from nvd – Published: 2020-04-01 12:53 – Updated: 2024-08-04 09:48
Summary
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
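| URL | Tags |
|---|---|
| https://wordpress.org/plugins/auth0/#developers | x_refsource_MISC |
| https://auth0.com/docs/cms/wordpress | x_refsource_MISC |
| https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0 | x_refsource_CONFIRM |
| https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v | x_refsource_CONFIRM |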
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T12:53:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/auth0/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"name": "https://auth0.com/docs/cms/wordpress",
"refsource": "MISC",
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"name": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0",
"refsource": "CONFIRM",
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"name": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7948",
"datePublished": "2020-04-01T12:53:18",
"dateReserved": "2020-01-24T00:00:00",
"dateUpdated": "2024-08-04T09:48:24.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7947 (GCVE-0-2020-7947)
Vulnerability from nvd – Published: 2020-04-01 12:51 – Updated: 2024-08-04 09:48
Summary
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
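| URL | Tags |
|---|---|
| https://wordpress.org/plugins/auth0/#developers | x_refsource_MISC |
| https://auth0.com/docs/cms/wordpress | x_refsource_MISC |
| https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0 | x_refsource_CONFIRM |
| https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v | x_refsource_CONFIRM |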
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn\u0027t sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T12:51:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn\u0027t sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/auth0/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"name": "https://auth0.com/docs/cms/wordpress",
"refsource": "MISC",
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"name": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0",
"refsource": "CONFIRM",
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"name": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7947",
"datePublished": "2020-04-01T12:51:59",
"dateReserved": "2020-01-24T00:00:00",
"dateUpdated": "2024-08-04T09:48:24.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6753 (GCVE-0-2020-6753)
Vulnerability from nvd – Published: 2020-04-01 12:49 – Updated: 2024-08-04 09:11
Summary
The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
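| URL | Tags |
|---|---|
| https://github.com/auth0/wp-auth0/releases | x_refsource_MISC |
| https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0 | x_refsource_CONFIRM |
| https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v | x_refsource_CONFIRM |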
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:04.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/wp-auth0/releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T12:49:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/wp-auth0/releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-6753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/wp-auth0/releases",
"refsource": "MISC",
"url": "https://github.com/auth0/wp-auth0/releases"
},
{
"name": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0",
"refsource": "CONFIRM",
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"name": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-6753",
"datePublished": "2020-04-01T12:49:25",
"dateReserved": "2020-01-09T00:00:00",
"dateUpdated": "2024-08-04T09:11:04.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20173 (GCVE-0-2019-20173)
Vulnerability from nvd – Published: 2020-02-05 19:50 – Updated: 2024-08-05 02:39
Summary
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
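| URL | Tags |
|---|---|
| https://github.com/auth0/wp-auth0/releases/tag/3.11.3 | x_refsource_CONFIRM |
| https://auth0.com/docs/security/bulletins/cve-2019-20173 | x_refsource_CONFIRM |
| https://wpvulndb.com/vulnerabilities/10059 | x_refsource_MISC |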
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/wp-auth0/releases/tag/3.11.3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://auth0.com/docs/security/bulletins/cve-2019-20173"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/10059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T23:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/wp-auth0/releases/tag/3.11.3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://auth0.com/docs/security/bulletins/cve-2019-20173"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/10059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/wp-auth0/releases/tag/3.11.3",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/wp-auth0/releases/tag/3.11.3"
},
{
"name": "https://auth0.com/docs/security/bulletins/cve-2019-20173",
"refsource": "CONFIRM",
"url": "https://auth0.com/docs/security/bulletins/cve-2019-20173"
},
{
"name": "https://wpvulndb.com/vulnerabilities/10059",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/10059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20173",
"datePublished": "2020-02-05T19:50:33",
"dateReserved": "2019-12-31T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}