CVE-2025-6003
BaseFortify
Publication date: 2025-06-12
Last updated on: 2025-06-12
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the WordPress Single Sign-On (SSO) plugin due to a misconfigured capability check on a function in all versions up to and including the *.5.3 versions. This misconfiguration allows unauthenticated attackers to bypass access controls and extract sensitive data, including site content that is supposed to be restricted to certain users or roles.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive data on your WordPress site. Specifically, unauthenticated attackers could extract restricted site content that should only be accessible to certain users or roles, potentially exposing confidential or private information.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the WordPress Single Sign-On (SSO) plugin to a version later than *.5.3 where the misconfigured capability check is fixed. Additionally, review and restrict access permissions for sensitive content and monitor user roles and access logs for unauthorized access attempts.