CVE-2020-7947: Input Validation
First published: Wed Apr 01 2020(Updated: )
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Auth0 Login By Auth0 | <4.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-7947?
CVE-2020-7947 has a medium severity due to the potential for unauthorized access to sensitive user data.
How do I fix CVE-2020-7947?
To fix CVE-2020-7947, update the Login by Auth0 plugin to version 4.0.0 or later.
What systems are affected by CVE-2020-7947?
CVE-2020-7947 affects the Login by Auth0 plugin for WordPress versions prior to 4.0.0.
What kind of vulnerability is CVE-2020-7947?
CVE-2020-7947 is a security vulnerability related to improper data sanitization and validation.
Can CVE-2020-7947 lead to data exposure?
Yes, CVE-2020-7947 can lead to unauthorized access and exposure of user data due to the lack of input validation.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/auth0
- canonical/auth0 login by auth0