CVE-2025-13512

Name of the Vulnerable Software and Affected Versions CoSign Single Signon plugin for WordPress versions up to and including 0.3.1

Description The CoSign Single Signon plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, potentially executing if a user is tricked into performing an action like clicking a malicious link. The vulnerability is related to the $ SERVER['PHP SELF'] parameter.

Recommendations Update the CoSign Single Signon plugin to a version newer than 0.3.1.