← Voltar para CVEs

CVE-2020-7947

CRITICAL

9.8

Descricao

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado4/1/2020

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

auth0:login_by_auth0

Fraquezas (CWE)

CWE-1236

Referencias

https://auth0.com/docs/cms/wordpress(cve@mitre.org)

https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0(cve@mitre.org)

https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v(cve@mitre.org)

https://wordpress.org/plugins/auth0/#developers(cve@mitre.org)

https://auth0.com/docs/cms/wordpress(af854a3a-2127-422b-91ae-364da2661108)

https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v(af854a3a-2127-422b-91ae-364da2661108)

https://wordpress.org/plugins/auth0/#developers(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.