CVE Details
Basic Information
| Title | WordPress Single Sign-On (SSO) – Multiple Versions – Incorrect Authorization to Sensitive Information Exposure |
|---|---|
| Type | cve |
| Published | 2025-06-12T08:22:43.767Z |
| Last Seen | |
Product Information
| Vendor | cyberlord92 |
|---|---|
| Product | WordPress Single Sign-On (SSO) – Single Site Standard |
| Version | * |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| Confidentiality Impact | Low |
| Integrity Impact | None |
| Availability Impact | None |
AI Analysis
| AI Description | The WordPress Single Sign-On (SSO) plugin is vulnerable to unauthorized access due to a misconfigured capability check, allowing unauthenticated attackers to access sensitive data. This affects all versions up to and including *.5.3. |
|---|---|
| AI Severity | Medium |
| Vendor | cyberlord92 |
| Product | WordPress Single Sign-On (SSO) |
| Affected Version | * |
Affected Products
- cyberlord92 WordPress Single Sign-On (SSO) – Single Site Standard *
- cyberlord92 WordPress Single Sign-On (SSO) – Single Site Premium *
- cyberlord92 WordPress Single Sign-On (SSO) – Multisite Premium *
- cyberlord92 WordPress Single Sign-On (SSO) – Single Site Enterprise *
- cyberlord92 WordPress Single Sign-On (SSO) – Multisite Enterprise *
- cyberlord92 WordPress Single Sign-On (SSO) – Single Site All-Inclusive *
- cyberlord92 WordPress Single Sign-On (SSO) – Multisite All-Inclusive *
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-863 |
| Bulletin Family | |
Description
The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due to a misconfigured capability check on a function in all versions up to, and including, the *.5.3 versions of the plugin. This makes it possible for unauthenticated attackers to extract sensitive data including site content that has been restricted to certain users and/or roles.