Primary

Context

Auth0 WordPress Plugin CSV Injection Vulnerability

Vulnerability

Patched

A CSV injection vulnerability has been identified in the Login by Auth0 WordPress plugin, affecting versions through 3.11.3. The issue arises because the plugin's data fields, which source information from various origins, lack proper input validation and sanitization before user data is exported. This oversight can be exploited by uploading a crafted Excel document that injects malicious CSV data.

Impact

Exploitation of this vulnerability allows for CSV injection, where malicious content is embedded in a CSV file that could be executed when the file is opened in a spreadsheet application like Microsoft Excel.

Remediation

Users can upgrade to Auth0 WordPress Plugin version 4.0.0 or later to address this vulnerability.

Added: Mar 11, 2026, 7:23 PM

Updated: Mar 11, 2026, 7:23 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Auth0 WordPress Plugin CSV Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Auth0 Login by Auth0

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating