CVE-2020-6753: 
WordPress vulnerability analysis and mitigation

The Login by Auth0 plugin before version 4.0.0 for WordPress contains a stored Cross-Site Scripting (XSS) vulnerability affecting multiple pages. This vulnerability is tracked as CVE-2020-6753 and is distinct from CVE-2020-5392. The issue was discovered and reported by Muhamad Visat, with the vulnerability being disclosed on March 31, 2020 (Auth0 Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.1 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (NVD).

The stored XSS vulnerability could allow attackers to inject malicious scripts that would be executed in the context of other users' browsers when they visit affected pages. This could potentially lead to the compromise of user sessions, theft of sensitive information, or manipulation of the plugin's functionality (Auth0 Advisory).

Users are strongly advised to upgrade to WordPress Plugin for Auth0 version 4.0.0 or higher to address this vulnerability. This was released as part of a major security update that addressed multiple security issues (Auth0 Advisory, GitHub Release).