{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-24749", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-01-23T14:53:00.531Z", "datePublished": "2025-01-31T08:24:41.763Z", "dateUpdated": "2026-04-23T14:03:19.860Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "ezpz-sp", "product": "EZPZ SAML SP Single Sign On (SSO)", "vendor": "Overt Software Solutions LTD", "versions": [{"changes": [{"at": "1.2.6", "status": "unaffected"}], "lessThanOrEqual": "1.2.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "SOPROBRO | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:32:52.865Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) ezpz-sp allows Cross Site Request Forgery.<p>This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through <= 1.2.5.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) ezpz-sp allows Cross Site Request Forgery.This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through <= 1.2.5."}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "Cross Site Request Forgery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:03:19.860Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/ezpz-sp/vulnerability/wordpress-ezpz-saml-sp-single-sign-on-sso-plugin-1-2-5-csrf-to-stored-xss-vulnerability?_s_id=cve"}], "title": "WordPress EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - CSRF to Stored XSS vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-31T15:26:40.376149Z", "id": "CVE-2025-24749", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-31T15:29:00.510Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24749", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-31T15:26:40.376149Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-31T15:28:54.577Z"}}], "cna": {"title": "WordPress EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - CSRF to Stored XSS vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "SOPROBRO (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Overt Software Solutions LTD", "product": "EZPZ SAML SP Single Sign On (SSO)", "versions": [{"status": "affected", "changes": [{"at": "1.2.6", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.2.5"}], "packageName": "ezpz-sp", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress EZPZ SAML SP Single Sign On (SSO) plugin to the latest available version (at least 1.2.6).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress EZPZ SAML SP Single Sign On (SSO) plugin to the latest available version (at least 1.2.6).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/ezpz-sp/vulnerability/wordpress-ezpz-saml-sp-single-sign-on-sso-plugin-1-2-5-csrf-to-stored-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5.", "supportingMedia": [{"type": "text/html", "value": "<p>Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery.</p><p>This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-01-31T08:24:41.763Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24749", "state": "PUBLISHED", "dateUpdated": "2025-01-31T15:29:00.510Z", "dateReserved": "2025-01-23T14:53:00.531Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-01-31T08:24:41.763Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) ezpz-sp allows Cross Site Request Forgery.This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through <= 1.2.5."}, {"lang": "es", "value": "La vulnerabilidad Cross-Site Request Forgery (CSRF) en Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) permite Cross Site Request Forgery. Este problema afecta al inicio de sesi\u00f3n \u00fanico (SSO) de EZPZ SAML SP: desde n/a hasta 1.2.5."}], "id": "CVE-2025-24749", "lastModified": "2026-04-23T15:25:26.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-01-31T09:15:11.760", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/ezpz-sp/vulnerability/wordpress-ezpz-saml-sp-single-sign-on-sso-plugin-1-2-5-csrf-to-stored-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{}