CRITICAL🇵🇱 Wersja polska

CVE-2020-7947

CVSS 9.8v3.1pub. 2020-04-01upd. 2024-11-21

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Auth0 Login By Auth0

    APP
    Auth0
    < 4.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-7948HIGH8.8ten sam produkt

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecur...

CVE-2020-6753MEDIUM6.1ten sam produkt

The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue th...

CVE-2019-20173MEDIUM6.1ten sam produkt

The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp...

CVE-2019-7644CRITICAL9.8ten sam vendor

Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot s...

CVE-2015-9235CRITICAL9.8ten sam vendor

In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token di...