5.4.0

Fixed

• Security fix: Resolve CVE-2025-58769

5.3.0

Fixed

• Security fix: Resolve CVE-2025-47275

4.6.2

Full Changelog

Fixed

• Resolved an issue with corrupted JSON payloads.

4.6.1

Changed

• Tested against WordPress 6.5.5 w/ PHP 8.3.
• Improved translated string handling.

Fixed

• Resolved issue with ?wle parameter handling.

5.2.1

Fixed

• Resolves an issue in which the fallback URI secret isn't shown. #903 (HPiirainen)
• Resolves a compatibility issue with changes in WordPress 6.5 causing invalidated sessions. (evansims)

4.6.0

Full Changelog

Added

• Add support for Wordpress 'reauth' #877 (PeterGFernandez)

Changed

• PHP 8.0+ compatibility improvements #878 (PeterGFernandez)
• Remove Initial Setup Wizard #886 (evansims)

---

You can verify the signature of a downloaded release archive using OpenSSL. Download the public signing key from the GitHub repository and save it to the same directory as the .ZIP and .SIGN files provided with this release, then run the following:

openssl dgst -verify public-signing-key.pub -keyform PEM -sha256 -signature Auth0_WordPress_Plugin_4.6.0.zip.sign -binary Auth0_WordPress_Plugin_4.6.0.zip

5.2.0

Added

• feat(SDK-4734): Implement support for Back-Channel Logout #882 (evansims) ¹

Changed

• Bumped auth0-php dependency version range to ^8.10.
• Raised the minimum supported PHP version to 8.1.
• Confirmed support for WordPress 6.4. Updated metadata to reflect support.

Note

¹ To use this feature, an Auth0 tenant must have support for it enabled.

5.1.0

Added

• Organization Name support was added for Authentication API and token handling ¹

Updated

• Bumped tested WordPress version to 6.3.0.
• Bumped auth0-php dependency version range to ^8.7.
• Updated telemetry to indicate wordpress package (previously wp-auth0.)

Note
¹ To use this feature, an Auth0 tenant must have support for it enabled. This feature is not yet available to all tenants.

4.5.0

Full Changelog

Added

• Cookie domain configuration to Advanced Options. #864 (evansims)
• Option to disable plugin logging. #848 (adamstraube)

Fixed

• auth0_update_meta filter not passing $value #847 (QWp6t)
• wpa0_should_create_user filter not registering with correct parameter count #843 (alyxb)

---

You can verify the signature of a downloaded release archive using OpenSSL. Download the public signing key from the GitHub repository and save it to the same directory as the .ZIP and .SIGN files provided with this release, then run the following:

openssl dgst -verify public-signing-key.pub -keyform PEM -sha256 -signature Auth0_WordPress_Plugin_4.5.0.zip.sign -binary Auth0_WordPress_Plugin_4.5.0.zip

5.0.1

Full Changelog

Fixed

• Resolves an issue which sometimes prevented the plugin from being activated on WordPress 6