Auth0 WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the Auth0 WordPress plugin, affecting versions prior to 4.0.0. The vulnerability lies in the handling of the domain field, where the plugin lacks proper CSRF controls, allowing an attacker who lures an authenticated user to a crafted page to have actions performed on that user's behalf.

Impact

Exploitation of this vulnerability could lead to unauthorized actions being performed on behalf of the user, potentially allowing attackers to manipulate settings or data within the WordPress site.

Remediation

Users are advised to upgrade to Auth0 WordPress Plugin version 4.0.0 or later. The release notes and migration instructions are available on the plugin's GitHub repository.
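To illustrate the class of defect described above, the following is an added example and not code from the Auth0 WordPress plugin: a hypothetical WordPress options handler that saves a `domain` setting without a nonce check, followed by the hardened form that verifies a nonce and the caller's capability before writing. All names other than the WordPress core APIs (`example_*`, the option name) are assumptions made for the illustration.

```php
<?php
// Added illustration; NOT code from the Auth0 WordPress plugin.
// Hypothetical option name used for the example.
define( 'EXAMPLE_DOMAIN_OPTION', 'example_plugin_domain' );

// VULNERABLE: any POST reaching this action is honoured. A logged-in admin who
// visits an attacker-controlled page can be made to submit the form, so the
// stored domain can be changed without the admin's intent (CSRF).
function example_save_domain_vulnerable() {
    if ( isset( $_POST['domain'] ) ) {
        update_option( EXAMPLE_DOMAIN_OPTION, sanitize_text_field( wp_unslash( $_POST['domain'] ) ) );
    }
}
add_action( 'admin_post_example_save_domain_vulnerable', 'example_save_domain_vulnerable' );

// HARDENED: render the form with a nonce field bound to this specific action...
function example_render_domain_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_domain" />
        <?php wp_nonce_field( 'example_save_domain', 'example_nonce' ); ?>
        <input type="text" name="domain"
               value="<?php echo esc_attr( get_option( EXAMPLE_DOMAIN_OPTION, '' ) ); ?>" />
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// ...and verify both the nonce and the caller's capability before writing.
function example_save_domain() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // check_admin_referer() terminates with a 403 if the nonce is missing or invalid.
    check_admin_referer( 'example_save_domain', 'example_nonce' );

    $domain = sanitize_text_field( wp_unslash( $_POST['domain'] ?? '' ) );
    // Reject anything that is not a plausible hostname rather than storing it blindly.
    if ( '' === $domain || ! preg_match( '/^[a-z0-9.-]+$/i', $domain ) ) {
        wp_die( 'Invalid domain.', '', array( 'response' => 400 ) );
    }
    update_option( EXAMPLE_DOMAIN_OPTION, $domain );
    wp_safe_redirect( admin_url( 'options-general.php?example_saved=1' ) );
    exit;
}
add_action( 'admin_post_example_save_domain', 'example_save_domain' );
```

A nonce alone is not a substitute for the capability check: the nonce proves the request originated from a form the site rendered for this user, while `current_user_can()` proves the user is allowed to change the setting at all.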

Added: Mar 11, 2026, 7:08 PM
Updated: Mar 11, 2026, 7:08 PM

Vulnerability Rating

Custom Algorithm
  spread: 5.2
  impact: 0.6
  exploitability: 6.5
  remediation: 7.7
  relevance: 0.0