Jafar Sadiq

#36937 of 53,633
7.5 Total CVSS
Vulnerabilities · 1
PT-2025-51935
7.5
2025-12-17
WordPress · Auth0/Wordpress · CVE-2025-68129
**Name of the Vulnerable Software and Affected Versions**

- Auth0-PHP versions 8.0.0 through 8.17.0
- Auth0/symfony versions 5.0.0 through 5.5.0
- Auth0/laravel-auth0 versions 7.0.0 through 7.19.0
- Auth0/wordpress plugin versions 5.0.0-BETA0 through 5.4.0

**Description**

The Auth0-PHP SDK contains a flaw in how access token audience validation is handled. This improper validation can lead to applications incorrectly accepting ID tokens as access tokens. This affects applications built with the Auth0-PHP SDK and those utilizing integrations like Auth0/symfony, Auth0/laravel-auth0, and Auth0/wordpress that depend on vulnerable versions of the Auth0-PHP SDK.

**Recommendations**

- Update Auth0-PHP to version 8.18.0 or later.
- Update Auth0/symfony to a version later than 5.5.0.
- Update Auth0/laravel-auth0 to a version later than 7.19.0.
- Update Auth0/wordpress plugin to a version later than 5.4.0.