PT-2025-36356 · WordPress · Cloud Saml Sso

Kenneth Dunn · Published 2025-09-06 · Updated 2025-09-06 · CVE-2025-7040

CVSS v3.1: 8.2
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions:

Cloud SAML SSO plugin for WordPress versions up to and including 1.0.19

Description:

The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `set_organization_settings` action of the `csso_handle_actions()` function. The handler reads client-supplied POST parameters for organization settings and passes them directly to `update_option()` without verifying user capabilities or a CSRF nonce. This allows unauthenticated attackers to change critical configuration settings, potentially disrupting the SSO flow and causing a denial of service.
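To make the defect concrete, the following is an added example and not the plugin's own code: a hypothetical settings handler written in the vulnerable shape the advisory describes, beside a hardened form that adds the capability check, the nonce check and input sanitization before anything reaches `update_option()`. All function, option, hook and field names (`example_*`, `idp_entity_id`, `idp_sso_url`) are assumptions for illustration; only the WordPress core APIs used are real.

```php
<?php
// Added example, not the Cloud SAML SSO plugin's code. Names prefixed
// "example_" and the POST field names are assumptions for illustration.

// VULNERABLE SHAPE (for contrast only, never hook this): whoever reaches
// this function can overwrite the option, because nothing checks who is
// asking or whether the request was intentionally submitted.
function example_vulnerable_save_org_settings() {
    $settings = array(
        'idp_entity_id' => $_POST['idp_entity_id'] ?? '',
        'idp_sso_url'   => $_POST['idp_sso_url'] ?? '',
    );
    update_option( 'example_org_settings', $settings );
}

// HARDENED FORM: authorize, verify intent (nonce), then sanitize and validate.
function example_hardened_save_org_settings() {
    // 1. Authorization: only users who may manage site options may change
    //    SSO configuration. This is the check the advisory reports as missing.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change these settings.', 'example' ), 403 );
    }

    // 2. CSRF protection: the submitting form must carry a nonce bound to this
    //    action. check_admin_referer() calls wp_die() on a missing/invalid nonce.
    check_admin_referer( 'example_save_org_settings', 'example_nonce' );

    // 3. Sanitize and validate before persisting. A garbage IdP URL would break
    //    the SSO flow for every user, which is the denial-of-service outcome.
    $entity_id = sanitize_text_field( wp_unslash( $_POST['idp_entity_id'] ?? '' ) );
    $sso_url   = esc_url_raw( wp_unslash( $_POST['idp_sso_url'] ?? '' ) );
    if ( '' === $sso_url || ! wp_http_validate_url( $sso_url ) ) {
        wp_die( esc_html__( 'Invalid IdP SSO URL.', 'example' ), 400 );
    }

    update_option( 'example_org_settings', array(
        'idp_entity_id' => $entity_id,
        'idp_sso_url'   => $sso_url,
    ) );

    wp_safe_redirect( add_query_arg( 'updated', '1', wp_get_referer() ) );
    exit;
}

// Register the hardened handler for logged-in users only. Deliberately not
// adding an "admin_post_nopriv_..." hook keeps the action unreachable for
// unauthenticated requests; the capability check above still applies to
// logged-in users without the manage_options capability.
add_action( 'admin_post_example_save_org_settings', 'example_hardened_save_org_settings' );

// The settings form must emit the matching nonce field, e.g.:
//   wp_nonce_field( 'example_save_org_settings', 'example_nonce' );
```

The order of the three checks matters: the capability check runs first so that an unauthenticated or low-privilege request is rejected before any nonce or input handling, the nonce check ensures a privileged user is not tricked into submitting the form from another site, and validation guards the stored option against values that would break the SSO flow even when the request is legitimate.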

Recommendations:

Versions up to and including 1.0.19: update to version 1.0.20 or later.

Tags: Fix, DoS

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2025-7040

Affected Products: Cloud SAML SSO