{"api_version":"1","generated_at":"2026-05-13T01:06:31+00:00","cve":"CVE-2025-24749","urls":{"html":"https://cve.report/CVE-2025-24749","api":"https://cve.report/api/cve/CVE-2025-24749.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-24749","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-24749"},"summary":{"title":"WordPress  EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - CSRF to Stored XSS vulnerability","description":"Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5.","state":"PUBLISHED","assigner":"Patchstack","published_at":"2025-01-31 09:15:11","updated_at":"2026-04-28 19:29:31"},"problem_types":["CWE-352","CWE-352 CWE-352 Cross-Site Request Forgery (CSRF)"],"metrics":[{"version":"3.1","source":"audit@patchstack.com","type":"Secondary","score":"7.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","version":"3.1"}}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/ezpz-sp/vulnerability/wordpress-ezpz-saml-sp-single-sign-on-sso-plugin-1-2-5-csrf-to-stored-xss-vulnerability?_s_id=cve","name":"https://patchstack.com/database/wordpress/plugin/ezpz-sp/vulnerability/wordpress-ezpz-saml-sp-single-sign-on-sso-plugin-1-2-5-csrf-to-stored-xss-vulnerability?_s_id=cve","refsource":"audit@patchstack.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":""},{"url":"https://patchstack.com/database/Wordpress/Plugin/ezpz-sp/vulnerability/wordpress-ezpz-saml-sp-single-sign-on-sso-plugin-1-2-5-csrf-to-stored-xss-vulnerability?_s_id=cve","name":"https://patchstack.com/database/wordpress/plugin/ezpz-sp/vulnerability/wordpress-ezpz-saml-sp-single-sign-on-sso-plugin-1-2-5-csrf-to-stored-xss-vulnerability?_s_id=cve","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-24749","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24749","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Overt Software Solutions LTD","product":"EZPZ SAML SP Single Sign On (SSO)","version":"affected n/a 1.2.5 custom","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Update the WordPress EZPZ SAML SP Single Sign On (SSO) plugin to the latest available version (at least 1.2.6).","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"SOPROBRO (Patchstack Alliance)","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"24749","cve":"CVE-2025-24749","epss":"0.001420000","percentile":"0.339470000","score_date":"2026-04-28","updated_at":"2026-04-29 00:07:40"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-24749","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-01-31T15:26:40.376149Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-01-31T15:29:00.510Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://wordpress.org/plugins","defaultStatus":"unaffected","packageName":"ezpz-sp","product":"EZPZ SAML SP Single Sign On (SSO)","vendor":"Overt Software Solutions LTD","versions":[{"changes":[{"at":"1.2.6","status":"unaffected"}],"lessThanOrEqual":"1.2.5","status":"affected","version":"n/a","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"SOPROBRO (Patchstack Alliance)"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery.</p><p>This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5.</p>"}],"value":"Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5."}],"impacts":[{"capecId":"CAPEC-62","descriptions":[{"lang":"en","value":"CAPEC-62 Cross Site Request Forgery"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-352","description":"CWE-352 Cross-Site Request Forgery (CSRF)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-28T16:11:33.921Z","orgId":"21595511-bba5-4825-b968-b78d1f9984a3","shortName":"Patchstack"},"references":[{"tags":["vdb-entry"],"url":"https://patchstack.com/database/wordpress/plugin/ezpz-sp/vulnerability/wordpress-ezpz-saml-sp-single-sign-on-sso-plugin-1-2-5-csrf-to-stored-xss-vulnerability?_s_id=cve"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Update the WordPress EZPZ SAML SP Single Sign On (SSO) plugin to the latest available version (at least 1.2.6)."}],"value":"Update the WordPress EZPZ SAML SP Single Sign On (SSO) plugin to the latest available version (at least 1.2.6)."}],"source":{"discovery":"EXTERNAL"},"title":"WordPress  EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - CSRF to Stored XSS vulnerability","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"21595511-bba5-4825-b968-b78d1f9984a3","assignerShortName":"Patchstack","cveId":"CVE-2025-24749","datePublished":"2025-01-31T08:24:41.763Z","dateReserved":"2025-01-23T14:53:00.531Z","dateUpdated":"2026-04-28T16:11:33.921Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-01-31 09:15:11","lastModifiedDate":"2026-04-28 19:29:31","problem_types":["CWE-352","CWE-352 CWE-352 Cross-Site Request Forgery (CSRF)"],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"24749","Ordinal":"1","Title":"WordPress  EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - C","CVE":"CVE-2025-24749","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"24749","Ordinal":"1","NoteData":"Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5.","Type":"Description","Title":"WordPress  EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - C"}]}}}