{"id":"CVE-2019-20173","details":"The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.","modified":"2026-04-11T21:01:56.898691Z","published":"2020-02-05T20:15:11.030Z","references":[{"type":"ADVISORY","url":"https://auth0.com/docs/security/bulletins/cve-2019-20173"},{"type":"ADVISORY","url":"https://github.com/auth0/wp-auth0/releases/tag/3.11.3"},{"type":"ADVISORY","url":"https://wpvulndb.com/vulnerabilities/10059"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/auth0/wordpress","events":[{"introduced":"1a3c1dd024d988be052b37cdc395f9f58b0e0eb4"},{"fixed":"8f60b5b058daf5c512b66d525e025a19599f326f"}],"database_specific":{"cpe":"cpe:2.3:a:auth0:login_by_auth0:*:*:*:*:*:wordpress:*:*","extracted_events":[{"introduced":"3.11.0"},{"fixed":"3.11.3"}],"source":["CPE_FIELD","REFERENCES"]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20173.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}