wp-auth0
by Auth0
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-5391 | Hig | 0.50 | 8.8 | 0.01 | Apr 1, 2020 | Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field. | ||
| CVE-2019-20173 | Med | 0.40 | 6.1 | 0.02 | Feb 5, 2020 | The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php. | ||
| CVE-2020-5392 | Med | 0.33 | 6.1 | 0.01 | Apr 1, 2020 | A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page. |
- risk 0.50cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field.
- risk 0.40cvss 6.1epss 0.02
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.
- risk 0.33cvss 6.1epss 0.01
A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page.