RSS   Vulnerabilities for 'Login by auth0'   RSS

2020-04-01
 
CVE-2020-7948

NVD-CWE-Other
 

 
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference.

 
 
CVE-2020-7947

CWE-74
 

 
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded.

 
 
CVE-2020-6753

CWE-79
 

 
The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.

 
2020-02-05
 
CVE-2019-20173

CWE-79
 

 
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.

 

 >>> Vendor: Auth0 10 Products
Auth0.js
Aspnet
Aspnet-owin
Passport-sharepoint
Jsonwebtoken
LOCK
Login by auth0
Wp-auth0
Express-jwt
Auth0


Copyright 2020, cxsecurity.com

 

Back to Top