CVE-2020-5391: 
WordPress vulnerability analysis and mitigation

Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before version 4.0.0 for WordPress via the domain field. The vulnerability was discovered and disclosed on March 31, 2020, affecting all versions of WordPress Plugin for Auth0 3.11.3 or earlier (Auth0 Advisory, GitHub Advisory).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue specifically affecting the domain field in the Auth0 WordPress plugin. It has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a network-accessible vulnerability requiring user interaction but no privileges, with potential high impacts on confidentiality, integrity, and availability (NVD).

The CSRF vulnerability could allow attackers to perform unauthorized actions on behalf of authenticated users, potentially compromising the security of the WordPress installation and Auth0 integration. The high CVSS score indicates serious potential consequences including unauthorized access, data manipulation, and service disruption (NVD).

The vulnerability has been patched in version 4.0.0 of the WordPress Plugin for Auth0. Users are strongly recommended to upgrade to version 4.0.0 or higher to address this security issue. The upgrade process may require review of the migration instructions for a smooth transition (GitHub Releases).