VYPR

Cloud SSO Single Sign On

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-7040HigSep 6, 2025
    risk 0.53cvss 8.2epss 0.00

    The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. The handler reads…

  • CVE-2025-49264HigAug 14, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login cloud-sso-single-sign-on allows PHP Local File Inclusion.This issue affects Cloud SAML SSO…

  • CVE-2025-7045MedSep 6, 2025
    risk 0.42cvss 6.5epss 0.00

    The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated…

  • CVE-2014-2586Mar 24, 2014
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.