CVE-2025-6003

Summary

The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due to a misconfigured capability check on a function in all versions up to, and including, the *.5.3 versions of the plugin. This makes it possible for unauthenticated attackers to extract sensitive data including site content that has been restricted to certain users and/or roles.

Affected Software

VendorProductVersion RangeStatus
cyberlord92WordPress Single Sign-On (SSO) - Single Site Standard0 <= 18.5.3affected
cyberlord92WordPress Single Sign-On (SSO) - Single Site Premium0 <= 28.5.3affected
cyberlord92WordPress Single Sign-On (SSO) - Multisite Premium0 <= 30.5.3affected
cyberlord92WordPress Single Sign-On (SSO) - Single Site Enterprise0 <= 38.5.3affected
cyberlord92WordPress Single Sign-On (SSO) - Multisite Enterprise0 <= 40.5.3affected
cyberlord92WordPress Single Sign-On (SSO) - Single Site All-Inclusive0 <= 48.5.3affected
cyberlord92WordPress Single Sign-On (SSO) - Multisite All-Inclusive0 <= 50.5.3affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References