CVE-2025-6003 - Vulnerability Details

CVE-2025-6003 - WordPress Single Sign-On (SSO) - Multiple Versions - Incorrect Authorization to Sensitive Information Exposure

The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due to a misconfigured capability check on a function in all versions up to, and including, the *.5.3 versions of the plugin. This makes it possible for unauthenticated attackers to extract sensitive data including site content that has been restricted to certain users and/or roles.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

No data.

References

Link	Providers
https://plugins.miniorange.com/wordpress-sso
https://www.wordfence.com/threat-intel/vulnerabilities/id/51aa5531-e5b3-4c47-8d06-58eac6dd92fb?source=cve

History

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00061}`	epss `{'score': 0.00067}`

Thu, 12 Jun 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 12 Jun 2025 08:30:00 +0000

Type	Values Removed	Values Added
Description		The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due to a misconfigured capability check on a function in all versions up to, and including, the *.5.3 versions of the plugin. This makes it possible for unauthenticated attackers to extract sensitive data including site content that has been restricted to certain users and/or roles.
Title		WordPress Single Sign-On (SSO) - Multiple Versions - Incorrect Authorization to Sensitive Information Exposure
Weaknesses		CWE-863
References		https://plugins.miniorange.com/wordpress-sso https://www.wordfence.com/threat-intel/vulnerabilities/id/51aa5531-e5b3-4c47-8d06-58eac6dd92fb?source=cve
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2025-06-12T08:22:43.767Z

Updated: 2025-06-12T13:55:38.251Z

Reserved: 2025-06-11T17:58:46.446Z

Link: CVE-2025-6003

Vulnrichment

Updated: 2025-06-12T13:55:30.185Z

NVD

Status : Awaiting Analysis

Published: 2025-06-12T09:15:22.743

Modified: 2025-06-12T16:06:20.180

Link: CVE-2025-6003

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object