> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.com/llms.txt
> Use this file to discover all available pages before exploring further.

> CVE-2020-5391, CVE-2020-5392, CVE-2020-6753, CVE-2020-7948, CVE-2020-7947: Security Update for WordPress Plugin for Auth0

# CVE-2020-5391, CVE-2020-5392, CVE-2020-6753, CVE-2020-7948, CVE-2020-7947: Security Update for WordPress Plugin for Auth0

**Published**: March 31, 2020

**CVE numbers**: CVE-2020-5391, CVE-2020-5392, CVE-2020-6753, CVE-2020-7948, CVE-2020-7947

**Credit**: Muhamad Visat

## Overview

Auth0 has released a new major version of the [WordPress Plugin for Auth0](https://github.com/auth0/wp-auth0) to address several vulnerabilities.

We recommend you review the following security advisories and upgrade to the new major version:

* CSRF controls missing for domain field in Auth0 WP plugin: [CVE-2020-5391](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5391)
* Stored XSS in Auth0 WP plugin (Settings page): [CVE-2020-5392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5392)
* Stored XSS in Auth0 WP plugin (multiple pages): [CVE-2020-6753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6753)
* CSV injection vulnerabilities in Auth0 WP plugin: [CVE-2020-7947](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7947)
* Insecure direct object reference in Auth0 WP plugin: [CVE-2020-7948](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7948)

## Am I affected?

Customers using any version of the WordPress Plugin for Auth0 3.11.3 or earlier can be affected.

## How to fix that?

Customers using [WordPress Plugin for Auth0](https://github.com/auth0/wp-auth0) need to upgrade to version 4.0.0 or higher.

## Will this update impact my users?

The [release notes](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md) provide more in-depth information about the changes that were made, and the [migration instructions](https://github.com/auth0/wp-auth0/blob/master/MIGRATE-v3-TO-v4.md) provide more in-depth information about the upgrade path.