Login by Auth0 < 4.0.0 - Multiple Vulnerabilities



Description
CVE-2020-5391 - CSRF controls missing for domain field
CVE-2020-5392 - Stored XSS in Settings page
CVE-2020-6753 - Stored XSS in multiple pages
CVE-2020-7947 - CSV injection vulnerabilities
CVE-2020-7948 - Insecure direct object reference

Affects Plugin

fixed in version 4.0.0

References

CVE 2020-5391
CVE 2020-5392
CVE 2020-6753
CVE 2020-7947
CVE 2020-7948
URL https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0
URL https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v

Classification

Type MULTI

Miscellaneous

Verified No
WPVDB ID 10160

Timeline

Publicly Published 2020-04-01
Added 2020-04-01
Last Updated 2020-04-02