CSRF Vulnerability in EZPZ SAML SP Single Sign On by Overt Software Solutions
CVE-2025-24749

7.1HIGH

Key Information:

Vendor: WordPress
Status: Ezpz Saml Sp Single Sign On (sso)
Vendor: CVE Published:; 31 January 2025

What is CVE-2025-24749?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Overt Software Solutions' EZPZ SAML SP Single Sign On (SSO) product. This vulnerability allows an attacker to perform actions on behalf of unsuspecting users due to improper validation of requests. This issue impacts versions of the product from n/a through 1.2.5, potentially exposing users to unauthorized actions and risks if exploited.

Affected Version(s)

EZPZ SAML SP Single Sign On (SSO) <= 1.2.5

References

https://patchstack.com/database/wordpress/plugin/ezpz-sp/...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

SOPROBRO (Patchstack Alliance)