Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin prior to 4.0.0 for WordPress via the domain field.
auth0 wp-auth0