Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress Auth0 注入漏洞
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress Auth0 4.0.0之前版本中存在注入漏洞,该漏洞源于程序导出用户数据之前未对数据进行清理并且没有进行任意输入验证。攻击者可借助特制的Excel文档利用该漏洞在系统上执行代码。
CVSS Information
N/A
Vulnerability Type
N/A