Auth0 WordPress Plugin Insecure Direct Object Reference Vulnerability

Vulnerability

An insecure direct object reference (IDOR) vulnerability has been identified in the Login by Auth0 WordPress plugin, affecting versions through 3.11.3. This issue could allow users to access or manipulate objects they should not have permission to access.

Impact

Exploitation of this vulnerability could lead to unauthorized access or manipulation of objects within the WordPress site.

Remediation

Users are advised to upgrade to Auth0 WordPress Plugin version 4.0.0 or later.

Added: Mar 11, 2026, 7:08 PM
Updated: Mar 11, 2026, 7:08 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.6
exploitability: 5.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.