Every CVE whose affected-product data names Auth0 Login By Auth0, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2020-7947 — CVSS 9.8 (critical): An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is…
CVE-2020-7948 — CVSS 8.8 (high): An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference.
CVE-2019-20173 — CVSS 6.1 (medium): The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.
CVE-2020-6753 — CVSS 6.1 (medium): The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.