Insecure Direct Object Reference in Login by Auth0 Plugin for WordPress
CVE-2020-7948

8.8HIGH

Key Information:

Vendor

Wordpress
Status
Login By Auth0
Vendor
CVE Published:
1 April 2020

What is CVE-2020-7948?

The Login by Auth0 plugin for WordPress is vulnerable to an insecure direct object reference, which can allow an attacker to access or manipulate objects that they should not be authorized to interact with. This vulnerability affects versions prior to 4.0.0. Users are advised to upgrade to the latest version to mitigate the risk associated with this issue. For more information, you can visit the plugin's official page and the security bulletins provided by Auth0.

References

https://wordpress.org/plugins/auth0/#developers
x_refsource_MISC
https://auth0.com/docs/cms/wordpress
x_refsource_MISC
https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.