Identity Provider Deletion Vulnerability in Cloud SAML SSO Plugin for WordPress
CVE-2025-7045

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Cloud Saml Sso – Single Sign On Login
Vendor: CVE Published:; 6 September 2025

What is CVE-2025-7045?

The Cloud SAML SSO plugin for WordPress has a vulnerability that allows unauthorized users to delete configured Identity Providers (IdPs) due to a missing capability check on the delete_config action. This flaw affects all versions up to and including 1.0.19, enabling an attacker to disrupt the Single Sign-On (SSO) authentication process, potentially leading to a denial of service for users relying on this functionality.

Affected Version(s)

Cloud SAML SSO – Single Sign On Login * <= 1.0.19

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/cloud-sso-sing...

https://wordpress.org/plugins/cloud-sso-single-sign-on/#d...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2025
Vulnerability Reserved
Jul 3, 2025

Credit

Kenneth Dunn