GCVE - cpe:2.3:a:auth0:wp-auth0:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:auth0:wp-auth0:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Auth0 (`bd827468-a826-51d4-9e05-912ec56b4756`)
Product	Wp Auth0 (`c02f2310-abef-56a7-bdab-6610f5ced8cd`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/auth0/wp-auth0`	purl2cpe	2026-06-01 10:16:14.577658

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-68129`	vulnerable	2026-06-03 15:11:02.880764	Auth0-PHP SDK has Improper Audience Validation MEDIUM (6.8) Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if they use Auth0-PHP SDK versions between v8.0.0 and v8.17.0, or applications using the following SDKs that rely on the Auth0-PHP SDK versions between v8.0.0 and v8.17.0: Auth0/symfony versions between 5.0.0 and 5.5.0, Auth0/laravel-auth0 versions between 7.0.0 and 7.19.0, and/or Auth0/wordpress plugin versions between 5.0.0-BETA0 and 5.4.0. Auth0/Auth0-PHP version 8.18.0 contains a patch for the issue. Published: 2025-12-17T22:07:35.645Z Updated: 2025-12-18T15:07:22.780Z Open on db.gcve.eu Reference links https://github.com/auth0/auth0-PHP/security/advisories/GHSA-j2vm-wrq3-f7gf https://github.com/auth0/laravel-auth0/security/advisories/GHSA-7hh9-gp72-wh7h https://github.com/auth0/symfony/security/advisories/GHSA-f3r2-88mq-9v4g https://github.com/auth0/wordpress/security/advisories/GHSA-vvg7-8rmq-92g7 https://github.com/auth0/auth0-PHP/commit/7fe700053aee609718460c123f00f53c511f0f7f	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-5392`	vulnerable	2026-06-03 14:42:56.329785	Details available A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page. Published: 2020-04-01T12:48:37.000Z Updated: 2024-08-04T08:30:24.459Z Open on db.gcve.eu Reference links https://github.com/auth0/wp-auth0/releases https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0 https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-5391`	vulnerable	2026-06-03 14:42:56.329369	Details available Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field. Published: 2020-04-01T12:50:26.000Z Updated: 2024-08-04T08:30:23.874Z Open on db.gcve.eu Reference links https://github.com/auth0/wp-auth0/releases https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0 https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.