Unrated severityNVD Advisory· Published Jan 30, 2023· Updated Mar 28, 2025

miniOrange WordPress SAML SSO multiple versions - Open Redirect in SSO login

CVE-2022-4496

Description

The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/SAML SSO Standardllm-create
Range: >=16.0.0 <16.0.8
WordPress/SAML SSO Premiumllm-create
Range: >=12.0.0 <12.1.0
WordPress/SAML SSO Premium Multisitellm-create
Range: >=20.0.0 <20.0.7
miniOrange/miniOrange WordPress SAML SSO Premiumv5
Range: 12.0.0
miniOrange/miniOrange WordPress SAML SSO Premium MulsiteSitev5
Range: 20.0.0
miniOrange/miniOrange WordPress SAML SSO Standardv5
Range: 16.0.0

Patches

Vulnerability mechanics

References

wpscan.com/vulnerability/af2e30c7-0787-4fe2-97ee-bc616f7178a1mitreexploitvdb-entrytechnical-description
wpscan.com/vulnerability/be21f355-0e5b-4ad7-9d8f-85e9a0101ddcmitreexploitvdb-entrytechnical-description
wpscan.com/vulnerability/e6c4c8c7-1dcd-45bf-8582-f12accca6facmitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000