CVE-2020-7947
CVE-2020-7947 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. EPSS estimates a 2.84% chance of exploitation in the next 30 days.
Description
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded.
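As an added illustration (not code from the plugin or from any of the advisories referenced here), the following Python shows the export-side neutralization that prevents the CSV injection described above: profile fields that may hold attacker-influenced text are checked for a leading formula trigger before they are written to a spreadsheet export. The user records, field names and function names are constructed for this example.

```python
import csv
import io

# Leading characters that spreadsheet applications may interpret as the
# start of a formula when a CSV cell is opened (OWASP CSV-injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet would try to evaluate this cell as a formula."""
    return value.startswith(FORMULA_TRIGGERS)


def neutralize_cell(value) -> str:
    """Return a cell value that is safe to place in a user-data export.

    None becomes an empty string, other values are stringified. A leading
    single quote forces spreadsheet applications to treat the cell as
    literal text; the csv module's own quoting handles embedded quotes and
    separators, so nothing else needs to be escaped here.
    """
    text = "" if value is None else str(value)
    if is_formula_like(text):
        return "'" + text
    return text


def export_rows(rows, fields) -> str:
    """Render rows (a list of dicts, e.g. user profiles) as CSV text.

    Every field passes through neutralize_cell, so data pulled from
    external identity sources cannot turn into a formula in the export.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(fields)
    for row in rows:
        writer.writerow(neutralize_cell(row.get(f)) for f in fields)
    return buf.getvalue()


# Constructed sample data for the example; the second record carries
# harmless formula-like values in two profile fields.
SAMPLE_USERS = [
    {"email": "alice@example.com", "display_name": "Alice", "nickname": "ali"},
    {"email": "bob@example.com", "display_name": "=1+1", "nickname": "-bob"},
]
FIELDS = ["email", "display_name", "nickname"]

if __name__ == "__main__":
    print(export_rows(SAMPLE_USERS, FIELDS))
```

The leading quote is visible to any non-spreadsheet consumer of the file, so an export intended for programmatic import should either document that convention or neutralize only when the target is a spreadsheet. Neutralizing at export time is a last line of defence; validating these fields when they are first stored removes the problem for every other place the values are displayed as well.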
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Auth0 | Login By Auth0 | < 4.0.0 |
References
- https://auth0.com/docs/cms/wordpress (Product, Vendor Advisory)
- https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0 (Third Party Advisory)
- https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v (Third Party Advisory)
- https://wordpress.org/plugins/auth0/#developers (Release Notes, Third Party Advisory)
Source: NVD / NIST
