CVE-2025-7045: CWE-306 Missing Authentication for Critical Function in cloudinfrastructureservices Cloud SAML SSO – Single Sign On Login
The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any configured IdP, breaking the SSO authentication flow and causing a denial-of-service.
AI Analysis
Technical Summary
CVE-2025-7045 affects the Cloud SAML SSO plugin for WordPress, developed by cloudinfrastructureservices. The delete_config action handled by csso_handle_actions() performs no capability check: the handler never asks whether the requester holds a WordPress capability that should gate plugin administration before it deletes an Identity Provider (IdP) configuration. Because that branch is reachable without logging in, an unauthenticated attacker can delete any configured IdP. The IdP configuration is what the plugin's Single Sign-On (SSO) flow is built on, so deleting it breaks SSO for every user who relies on it: a denial-of-service (DoS) condition against authentication itself. All versions up to and including 1.0.19 are affected. The CVSS v3.1 base score is 6.5 (medium); the vector described is network-reachable, low complexity, no privileges or user interaction required, with low integrity and availability impact and no confidentiality impact, which matches AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L. No in-the-wild exploitation has been reported and no patch has been linked at the time of writing. The weakness is classed as CWE-306 (Missing Authentication for Critical Function): a state-changing, security-sensitive operation is exposed without any check of who is invoking it.
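As an added illustration that is not the plugin's code: the PHP below sketches the vulnerable pattern beside a hardened version of the same handler. Function, option and nonce-action names are hypothetical, and passing the action as an `action` request parameter is an assumption (the advisory names the action, not how it is carried). Small shims stand in for WordPress core functions so the file runs under plain `php`; in a real plugin those functions come from core and must not be redefined.

```php
<?php
// Added example, not the Cloud SAML SSO plugin's code. Names are hypothetical.

// --- Shims so this file runs under plain `php` outside WordPress. ---
// In a real plugin these come from core; the `function_exists` guards keep
// the shims out of the way if the file is ever loaded inside WordPress.
if (!function_exists('current_user_can')) {
    function current_user_can(string $cap): bool { return $GLOBALS['__shim_can'] ?? false; }
}
if (!function_exists('wp_verify_nonce')) {
    function wp_verify_nonce($nonce, $action): bool { return $nonce === 'valid-' . $action; }
}
if (!function_exists('delete_option')) {
    function delete_option(string $name): bool { return true; }
}

// VULNERABLE (CWE-306 pattern): the handler trusts the `action` request
// parameter and deletes the IdP configuration with neither a capability nor a
// nonce check. Any request that reaches this code path, including an
// unauthenticated one, runs the destructive branch.
function vulnerable_handle_actions(array $request): string {
    if (($request['action'] ?? '') === 'delete_config') {
        delete_option('example_idp_config');   // hypothetical option name
        return 'deleted';
    }
    return 'ignored';
}

// HARDENED: the two checks WordPress expects on any state-changing admin
// action: authorization (current_user_can) and CSRF protection (a nonce
// bound to this specific action). Order matters: deny first, act last.
function hardened_handle_actions(array $request): string {
    if (($request['action'] ?? '') !== 'delete_config') {
        return 'ignored';
    }
    if (!current_user_can('manage_options')) {
        return 'denied: insufficient capability';
    }
    if (!wp_verify_nonce($request['_wpnonce'] ?? '', 'example_delete_config')) {
        return 'denied: bad nonce';
    }
    delete_option('example_idp_config');
    return 'deleted';
}

// Demo: an anonymous request reaches the destructive branch in the vulnerable
// version and is refused by the hardened one; an admin still needs the nonce.
$anon = ['action' => 'delete_config'];
$GLOBALS['__shim_can'] = false;
echo 'vulnerable, anonymous:    ', vulnerable_handle_actions($anon), PHP_EOL;
echo 'hardened, anonymous:      ', hardened_handle_actions($anon), PHP_EOL;

$GLOBALS['__shim_can'] = true;
echo 'hardened, admin, no nonce: ', hardened_handle_actions($anon), PHP_EOL;
$admin = ['action' => 'delete_config', '_wpnonce' => 'valid-example_delete_config'];
echo 'hardened, admin + nonce:   ', hardened_handle_actions($admin), PHP_EOL;
```

In production WordPress code the nonce step is usually written as `check_admin_referer('example_delete_config')`, which verifies the nonce and calls `wp_die()` on failure, and the admin UI must mint the matching nonce with `wp_nonce_url()` or `wp_nonce_field()`. The capability check is the part whose absence this CVE describes; the nonce check is the companion control that stops a logged-in administrator from being tricked into issuing the request.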
Potential Impact
For European organizations running WordPress with the Cloud SAML SSO plugin, the exposure is to the authentication path itself. An unauthenticated attacker who deletes the IdP configuration cuts off SSO access to every application that depends on it, causing downtime and lost productivity until the configuration is restored. No data is disclosed (confidentiality impact is none), but an outage in authentication affects business continuity and user trust, and it may push users or administrators toward temporary fallbacks such as local WordPress passwords, which are typically weaker than federated login. Sectors that lean heavily on SSO, such as finance, healthcare, government and large enterprises, are most affected. The attack needs no credentials and no user interaction, which makes it cheap to automate against exposed sites, including high-profile or critical-infrastructure ones. No exploitation has been reported yet, so there is a window for mitigation, but the impact if it is used is substantial.
Mitigation Recommendations
Audit WordPress installations for the Cloud SAML SSO plugin and record its version; anything at or below 1.0.19 is affected. Check the plugin's changelog for a release later than 1.0.19 that addresses this issue before relying on other controls. Until a fixed version is available, the most reliable mitigation is to deactivate or remove the plugin. If that is not feasible, add a web application firewall (WAF) rule that blocks requests carrying the delete_config action; a WAF matches requests, not PHP functions, so the rule has to target the request shape the handler reads, not the csso_handle_actions() name. Log and alert on any request that names delete_config, since a legitimate administrator would rarely issue one and an unauthenticated one is an attack. Restricting access to the WordPress admin interfaces and limiting plugin management to trusted staff is good hygiene but does not by itself close an unauthenticated code path. Keep exports of the IdP configuration and database backups so a deleted IdP can be restored quickly, and test the restore. Subscribe to the vendor's advisories and to CVE feeds so the patch is applied as soon as it is published.
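An added example (not from the page or the plugin) of the log review recommended above, written in PHP so it runs on any WordPress host that already has a PHP CLI. It assumes the action arrives as an `action` query parameter and that the access log is in the combined format; the log lines are constructed for the demo. Request bodies are not written to access logs, so POST invocations are visible here only if the action also appears in the query string; pair this with WAF or application-level logging to cover bodies.

```php
<?php
// Added example, not the plugin's code. Scans combined-format access-log lines
// for requests that name the delete_config action. Parameter name `action` is
// an assumption; sample lines below are constructed, not real traffic.

$sampleLog = <<<'LOG'
203.0.113.5 - - [06/Sep/2025:03:34:31 +0000] "GET /wp-admin/admin-post.php?action=delete_config&id=1 HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [06/Sep/2025:03:35:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [06/Sep/2025:03:35:10 +0000] "POST /?action=delete_config HTTP/1.1" 302 0 "-" "python-requests/2.31"
192.0.2.9 - - [06/Sep/2025:03:36:00 +0000] "GET /?action=view_config HTTP/1.1" 200 900 "-" "Mozilla/5.0"
LOG;

/**
 * Parse one combined-format line into its fields, with the query string
 * decoded into an array. Returns null when the line does not match.
 */
function parse_access_line(string $line): ?array {
    $re = '/^(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>[A-Z]+) (?<target>\S+) [^"]*" '
        . '(?<status>\d{3}) \S+ "[^"]*" "(?<ua>[^"]*)"$/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    $query = parse_url($m['target'], PHP_URL_QUERY) ?? '';
    parse_str($query, $params);
    return [
        'ip'     => $m['ip'],
        'ts'     => $m['ts'],
        'method' => $m['method'],
        'path'   => parse_url($m['target'], PHP_URL_PATH) ?? '',
        'status' => (int) $m['status'],
        'ua'     => $m['ua'],
        'params' => $params,
    ];
}

/**
 * Return every parsed record whose query string invokes the watched action.
 * Matching is on the decoded parameter value, so URL-encoded variants such as
 * action=delete%5Fconfig are caught as well as the plain form.
 */
function find_action_requests(string $log, string $watched = 'delete_config'): array {
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $rec = parse_access_line($line);
        if ($rec !== null && ($rec['params']['action'] ?? null) === $watched) {
            $hits[] = $rec;
        }
    }
    return $hits;
}

// Demo run over the constructed sample: two of the four lines should alert.
foreach (find_action_requests($sampleLog) as $hit) {
    printf("ALERT %s %s %s %s (status %d, UA \"%s\")\n",
        $hit['ts'], $hit['ip'], $hit['method'], $hit['path'], $hit['status'], $hit['ua']);
}
```

Point `find_action_requests()` at `file_get_contents('/var/log/apache2/access.log')` (or the equivalent nginx path) to run it on real data; the same predicate, `action` equals `delete_config` after URL decoding, is what the WAF rule should express, since matching on the raw substring `delete_config` misses encoded forms.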
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-07-03T10:29:57.334Z
- CVSS Version: 3.1
- State: PUBLISHED
- Threat ID: 68bbabc7844ddfa4289c969e
- Added to database: 9/6/2025, 3:34:31 AM
- Last enriched: 9/13/2025, 3:43:28 AM
- Last updated: 10/16/2025, 7:38:56 PM
Related Threats
- CVE-2025-61553: n/a (Critical)
- CVE-2025-11853: Improper Access Controls in Sismics Teedy (Medium)
- CVE-2025-11852: Missing Authentication in Apeman ID71 (Medium)
- CVE-2025-11493: CWE-494 Download of Code Without Integrity Check in ConnectWise Automate (High)
- CVE-2025-11492: CWE-319 Cleartext Transmission of Sensitive Information in ConnectWise Automate (Critical)