Auth0 WordPress Plugin: Cookie Encryption Vulnerability (≤5.5.0)
Platform: php
Component: auth0/wordpress
Fixed in: 5.6.0
GHSA-vfpx-q664-h93m describes a vulnerability in the Auth0 WordPress plugin where cookies are encrypted with insufficient entropy. This can allow attackers to brute-force the encryption key and forge session cookies, potentially gaining unauthorized access. This affects Auth0 WordPress Plugin versions 5.0.0-BETA0 to 5.5.0 using Auth0-PHP SDK versions 8.0.0 to 8.18.0. The vulnerability is fixed in version 5.6.0.
How to fix
Upgrade the Auth0 WordPress plugin to version 5.6.0 or later, the release that contains the fix.
Frequently Asked Questions
What is GHSA-vfpx-q664-h93m?
It's a vulnerability in the Auth0 WordPress plugin where weak cookie encryption can lead to session forgery.
Am I affected by GHSA-vfpx-q664-h93m?
You are affected if you use the Auth0 WordPress plugin versions 5.0.0-BETA0 to 5.5.0 with Auth0-PHP SDK versions 8.0.0 to 8.18.0.
How do I fix GHSA-vfpx-q664-h93m?
Upgrade your Auth0 WordPress plugin to version 5.6.0 or greater.
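A way to answer "Am I affected?" for a Composer-managed site, as an added example that is not part of the advisory or the Auth0 project: it reads a composer.lock and compares the installed versions against the ranges stated above. Assumptions: the SDK is installed under the Composer package name auth0/auth0-php, pre-release suffixes such as -BETA0 are compared by their numeric core only, and the function names and sample lock file are constructed for illustration.

```python
import json
import re

# Affected ranges as stated on this page (inclusive), compared by numeric core.
PLUGIN = ("auth0/wordpress", (5, 0, 0), (5, 5, 0))   # 5.0.0-BETA0 .. 5.5.0
SDK = ("auth0/auth0-php", (8, 0, 0), (8, 18, 0))     # package name is an assumption


def core_version(text):
    """Return (major, minor, patch) from strings like 'v5.0.0-BETA0' or '8.18'."""
    m = re.match(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        return None  # e.g. 'dev-main': cannot be placed in a range
    return tuple(int(part or 0) for part in m.groups())


def in_range(version, low, high):
    core = core_version(version) if version else None
    return core is not None and low <= core <= high


def check_lock(lock_text):
    """Inspect composer.lock content for exposure to GHSA-vfpx-q664-h93m."""
    lock = json.loads(lock_text)
    installed = {
        pkg["name"].lower(): pkg["version"]
        for section in ("packages", "packages-dev")
        for pkg in lock.get(section) or []
    }
    plugin_ver = installed.get(PLUGIN[0])
    sdk_ver = installed.get(SDK[0])
    # The advisory requires both the plugin and the SDK to be in range.
    affected = (in_range(plugin_ver, PLUGIN[1], PLUGIN[2])
                and in_range(sdk_ver, SDK[1], SDK[2]))
    return {"plugin": plugin_ver, "sdk": sdk_ver, "affected": affected}


# Constructed sample lock file, not taken from a real site.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "auth0/wordpress", "version": "5.0.0-BETA0"},
        {"name": "auth0/auth0-php", "version": "8.18.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

Versions that cannot be parsed (branch aliases such as dev-main) are reported but never marked affected, so review those by hand.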