2 matches found
CVE-2025-7040
The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setorganizationsettings' action of the cssohandleactions function in all versions up to, and including, 1.0.19. The handler reads client-supplied POST parameters fo...
WordPress Cloud SAML SSO plugin <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action vulnerability
Missing Authorization to Unauthenticated Settings Modification via setorganizationsettings Action vulnerability discovered by kr0d in WordPress Plugin Cloud SAML SSO - Single Sign On Login versions = 1.0.19...