Input Validation Issues in Login by Auth0 Plugin for WordPress
CVE-2020-7947

9.8CRITICAL

Key Information:

Vendor

Wordpress
Status
Login By Auth0
Vendor
CVE Published:
1 April 2020

What is CVE-2020-7947?

A vulnerability has been identified in the Login by Auth0 plugin for WordPress, where user data is pulled from multiple sources without adequate sanitization or input validation. This oversight can allow attackers to upload a specially crafted Excel document, potentially leading to CSV injection attacks. Users of the plugin are advised to upgrade to version 4.0.0 or later to mitigate this risk.

References

https://wordpress.org/plugins/auth0/#developers
x_refsource_MISC
https://auth0.com/docs/cms/wordpress
x_refsource_MISC
https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.