FROM THE AUTHOR/PLUGIN DEV

Hello WordPress Community members! Auth0 has released a new major version of its WordPress login plugin. This release fixes a number of security vulnerabilities.

Auth0 recommends that users of all versions of the plugin upgrade immediately.

How to update your WordPress Login Plugin via WordPress Admin Dashboard:

Go to your WordPress Admin Dashboard
Select “Updates”
The option to update the Auth0 plugin will be available
If the updated version is not showing up, wait a few minutes, and click “Check Again”

How many and how serious are the vulnerabilities?
The WordPress login plugin version 4.0.0 fixes five security vulnerabilities. The highest severity is High with a CVSS score of 8.5. The associated CVEs are CVE-2020-7947, CVE-2020-6753, CVE-2020-5392, CVE-2020-5391, and CVE-2020-7948.

Is the new version backwards compatible?
Some features were removed from the plugin configuration section to address security concerns. These are the changelog and release notes.

There is no need to upgrade configuration on Auth0 side.

The update includes a list of changes, including updating to PHP 7, that have the potential to break WordPress Login Plugin sites. Applications that have extensively customized the WordPress login plugin will require code updates. The release notes provide more in-depth information about the changes that were made.

What are the other changes associated with this new version?
All of the changes for this version can be found in the changelog for 4.0.

How can I upgrade my Auth0 Login plugin?
Auth0 recommends that all users of the plugin upgrade to the new release (version 4.0.0) immediately, regardless of the version they use. You can update via the WordPress Admin dashboard.

Questions?
If you find you have any questions related to this topic or others, please feel free to let us know with a new Community topic related to this. Thank you!