{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7045", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-03T10:29:57.334Z", "datePublished": "2025-09-06T03:22:36.869Z", "dateUpdated": "2026-04-08T17:04:58.730Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:04:58.730Z"}, "affected": [{"vendor": "cloudinfrastructureservices", "product": "Cloud SAML SSO \u2013 Single Sign On Login", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.19", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any configured IdP, breaking the SSO authentication flow and causing a denial-of-service."}], "title": "Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/87099513-d8e2-45e5-b7e6-b46558a10d3b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/cloud-sso-single-sign-on/tags/1.0.19/saml-sso-plugin.php"}, {"url": "https://wordpress.org/plugins/cloud-sso-single-sign-on/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/cloud-sso-single-sign-on/tags/1.0.19/assets/CSSO_Init.php"}, {"url": "https://plugins.trac.wordpress.org/browser/cloud-sso-single-sign-on/tags/1.0.19/assets/base/CSSO_ActionHandler.php"}, {"url": "https://plugins.trac.wordpress.org/browser/cloud-sso-single-sign-on/trunk/assets/base/CSSO_ActionHandler.php?rev=3354459#L130"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-306 Missing Authentication for Critical Function", "cweId": "CWE-306", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "timeline": [{"time": "2025-07-03T11:19:56.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-09-05T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-08T13:53:13.455304Z", "id": "CVE-2025-7045", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T14:05:21.397Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7045", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-08T13:53:13.455304Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T13:53:16.451Z"}}], "cna": {"title": "Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action", "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}}], "affected": [{"vendor": "cloudinfrastructureservices", "product": "Cloud SAML SSO \u2013 Single Sign On Login", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.19"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-03T11:19:56.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-09-05T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/87099513-d8e2-45e5-b7e6-b46558a10d3b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/cloud-sso-single-sign-on/tags/1.0.19/saml-sso-plugin.php"}, {"url": "https://wordpress.org/plugins/cloud-sso-single-sign-on/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/cloud-sso-single-sign-on/tags/1.0.19/assets/CSSO_Init.php"}, {"url": "https://plugins.trac.wordpress.org/browser/cloud-sso-single-sign-on/tags/1.0.19/assets/base/CSSO_ActionHandler.php"}, {"url": "https://plugins.trac.wordpress.org/browser/cloud-sso-single-sign-on/trunk/assets/base/CSSO_ActionHandler.php?rev=3354459#L130"}], "descriptions": [{"lang": "en", "value": "The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any configured IdP, breaking the SSO authentication flow and causing a denial-of-service."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:04:58.730Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7045", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:04:58.730Z", "dateReserved": "2025-07-03T10:29:57.334Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-06T03:22:36.869Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any configured IdP, breaking the SSO authentication flow and causing a denial-of-service."}], "id": "CVE-2025-7045", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-06T04:16:06.650", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/cloud-sso-single-sign-on/tags/1.0.19/assets/CSSO_Init.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/cloud-sso-single-sign-on/tags/1.0.19/assets/base/CSSO_ActionHandler.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/cloud-sso-single-sign-on/tags/1.0.19/saml-sso-plugin.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/cloud-sso-single-sign-on/trunk/assets/base/CSSO_ActionHandler.php?rev=3354459#L130"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/cloud-sso-single-sign-on/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/87099513-d8e2-45e5-b7e6-b46558a10d3b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T03:12:27.661224+00:00", "value": {"mitigation_remediation": ["Upgrade the Cloud SAML SSO plugin to a version newer than 1.0.19 where the delete_config capability check has been added.", "If an upgrade cannot be performed immediately, deactivate or uninstall the plugin to stop unauthenticated deletion of Identity Providers.", "Configure your WordPress setup to restrict access to the delete_config endpoint, such as by applying .htaccess rules or role\u2011based permissions that permit only administrators to trigger the action."], "summary": {"action": "Apply Patch", "impact": "Denial of Service due to unattended Identity Provider deletion"}, "threat_synthesis": {"affected_systems": "WordPress installations running the Cloud SAML SSO \u2013 Single Sign On Login plugin, with versions up to and including 1.0.19, are affected. Any site that has Identity Providers configured is at risk.", "description_and_impact": "The Cloud SAML SSO WordPress plugin contains a missing capability check on the delete_config action. An unauthenticated attacker can send a request that triggers this action and deletes any configured Identity Provider. The loss of an IdP breaks the SSO authentication flow, causing a denial\u2011of\u2011service for users who depend on single sign\u2011on.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 6.5 and an EPSS score of less than 1\u00a0%, indicating moderate impact and a low likelihood of exploitation at present. The plugin is not listed in the CISA KEV catalog. Attackers could exploit the flaw remotely without authentication by targeting the delete_config endpoint, which would immediately remove IdP settings and incapacitate the SSO feature. Because the issue is a missing authorization check (CWE\u2011306), remediation via a patch or disabling the vulnerable action will eliminate the risk."}}}}, "created": "2025-09-08T15:17:42.543498+00:00", "updated": "2026-04-21T03:15:16.337028+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}