VYPR

Miniorange Saml 20 Single Sign On

by WordPress

Source repositories

CVEs (3)

  • CVE-2020-6850MedFeb 17, 2020
    risk 0.40cvss 6.1epss 0.01

    Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.

  • CVE-2019-12346MedJun 24, 2019
    risk 0.40cvss 6.1epss 0.01

    In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.

  • CVE-2023-41873MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4.