Title: FROM THE AUTHOR/PLUGIN DEV
Last modified: March 31, 2020

---

# FROM THE AUTHOR/PLUGIN DEV

 *  [jimcmorrison](https://wordpress.org/support/users/jimcmorrison/)
 * (@jimcmorrison)
 * [6 years, 2 months ago](https://wordpress.org/support/topic/from-the-author-plugin-dev/)
 * Hello WordPress Community members! Auth0 has released a new major version of 
   its WordPress login plugin. This release fixes a number of security vulnerabilities.
 * Auth0 recommends that users of all versions of the plugin upgrade immediately.
 * How to update your WordPress Login Plugin via WordPress Admin Dashboard:
 * Go to your WordPress Admin Dashboard
    Select “Updates” The option to update the
   Auth0 plugin will be available If the updated version is not showing up, wait
   a few minutes, and click “Check Again”
 * How many and how serious are the vulnerabilities?
    The WordPress login plugin
   version 4.0.0 fixes five security vulnerabilities. The highest severity is High
   with a CVSS score of 8.5. The associated CVEs are [CVE-2020-7947](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7947),
   [CVE-2020-6753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6753),
   [CVE-2020-5392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5392),
   [CVE-2020-5391](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5391),
   and [CVE-2020-7948](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7948).
 * Is the new version backwards compatible?
    Some features were removed from the
   plugin configuration section to address security concerns. These are the [changelog](https://github.com/auth0/wp-auth0/blob/ea46a0b667b0c6971a60f88b295a111dc16eeb90/CHANGELOG.md)
   and [release notes](https://docs.google.com/document/d/1nK5_0Fa1DnP8EKh6HL24AV2dtV2K5yXYGE-fkFcCUno#).
 * There is no need to upgrade configuration on Auth0 side.
 * The update includes a list of changes, including updating to PHP 7, that have
   the potential to break WordPress Login Plugin sites. Applications that have extensively
   customized the WordPress login plugin will require code updates. The release 
   notes provide more in-depth information about the changes that were made.
 * What are the other changes associated with this new version?
    All of the changes
   for this version can be found in the [changelog](https://github.com/auth0/wp-auth0/releases/tag/4.0.0)
   for 4.0.
 * How can I upgrade my Auth0 Login plugin?
    Auth0 recommends that all users of 
   the plugin upgrade to the new release (version 4.0.0) immediately, regardless
   of the version they use. You can update via the WordPress Admin dashboard.
 * Questions?
    If you find you have any questions related to this topic or others,
   please feel free to let us know with a new Community topic related to this. Thank
   you!

The topic ‘FROM THE AUTHOR/PLUGIN DEV’ is closed to new replies.

 * ![](https://ps.w.org/auth0/assets/icon-256x256.png?rev=3351758)
 * [Login by Auth0](https://wordpress.org/plugins/auth0/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/auth0/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/auth0/)
 * [Active Topics](https://wordpress.org/support/plugin/auth0/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/auth0/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/auth0/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [jimcmorrison](https://wordpress.org/support/users/jimcmorrison/)
 * Last activity: [6 years, 2 months ago](https://wordpress.org/support/topic/from-the-author-plugin-dev/)
 * Status: not a support question