Overview
Auth0 has released a new major version of the WordPress Plugin for Auth0 to address several vulnerabilities.
We recommend you review the following security advisories and upgrade to the new major version:
- CSRF controls missing for domain field in Auth0 WP plugin: CVE-2020-5391
- Stored XSS in Auth0 WP plugin (Settings page): CVE-2020-5392
- Stored XSS in Auth0 WP plugin (multiple pages): CVE-2020-6753
- CSV injection vulnerabilities in Auth0 WP plugin: CVE-2020-7947
- Insecure direct object reference in Auth0 WP plugin: CVE-2020-7948
Am I affected?
Yes. Customers using version 3.11.3 or earlier of the WordPress Plugin for Auth0 can be affected.
Will this update impact my users?
The release notes provide more in-depth information about the changes that were made, and the migration instructions provide more in-depth information about the upgrade path.