CVE-2020-7947
Summary
| CVE | CVE-2020-7947 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-04-01 13:15:00 UTC |
| Updated | 2021-07-21 11:39:00 UTC |
| Description | An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded. |
Risk And Classification
Problem Types: CWE-1236
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Auth0 | Login By Auth0 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Update for WordPress Plugin for Auth0 | CONFIRM | auth0.com | Third Party Advisory |
| Login by Auth0 WordPress Plugin | MISC | auth0.com | Product, Vendor Advisory |
| WordPress › WordPress Auth0 Integration « WordPress Plugins | MISC | wordpress.org | Release Notes, Third Party Advisory |
| Several vulnerabilities in WordPress Plugin for Auth0 · Advisory · auth0/wp-auth0 · GitHub | CONFIRM | github.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.