CVE-2020-7947

Source
https://cve.org/CVERecord?id=CVE-2020-7947
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7947.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-7947
Related
  • GHSA-59vf-cgfw-6h6v
Published
2020-04-01T13:15:15.320Z
Modified
2026-04-10T04:28:14.484178Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded.

References

Affected packages

Git / github.com/auth0/wp-auth0

Affected ranges

Type
GIT
Repo
https://github.com/auth0/wp-auth0
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.0.0"
        }
    ]
}

Affected versions

1.*
1.2.1
1.2.2
1.2.3
1.2.4
1.2.7
1.3.0
1.3.1
1.3.6
2.*
2.0.0
2.1.0
2.1.1
2.1.11
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0
3.*
3.1.1
3.1.2
3.1.3
3.10.0
3.11.0
3.2.0
3.2.10
3.2.14
3.2.19
3.2.25
3.2.5
3.2.8
3.2.9
3.4.0
3.6.0
3.6.1
3.6.2
3.7.0
3.8.0
3.8.1
3.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7947.json"