Home
MEDIUM: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NDefault status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Default status
unaffected
Any version
affected
Description
The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due to a misconfigured capability check on a function in all versions up to, and including, the *.5.3 versions of the plugin. This makes it possible for unauthenticated attackers to extract sensitive data including site content that has been restricted to certain users and/or roles.
Problem types
CWE-863 Incorrect Authorization
Product status
Any version
Any version
Any version
Any version
Any version
Any version
Any version
Timeline
| 2025-02-13: | Vendor Notified |
| 2025-06-11: | Disclosed |
Credits
Israël Hallé
References
www.wordfence.com/...-e5b3-4c47-8d06-58eac6dd92fb?source=cve
plugins.miniorange.com/wordpress-sso