A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin prior to 4.0.0 for WordPress via the settings page.
auth0 wp-auth0