Name of the Vulnerable Software and Affected Versions:

Cloud SAML SSO plugin for WordPress versions up to and including 1.0.19

Description:

The Cloud SAML SSO plugin for WordPress is susceptible to Identity Provider Deletion. A missing capability check on the `delete config` action within the `csso handle actions()` function allows unauthenticated attackers to delete any configured Identity Provider (IdP). This action disrupts the SSO authentication flow, resulting in a denial-of-service.

Recommendations:

Update the Cloud SAML SSO plugin for WordPress to a version later than 1.0.19.