VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 6 known issues Latest disclosed Sep 05, 2023

SAML Single Sign On – SSO Login Vulnerabilities

Review known vulnerability records for the WordPress plugin SAML Single Sign On – SSO Login (`miniorange-saml-20-single-sign-on`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2023-41873 and CVE-2022-4496, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
6
High or Critical
1
Patch Coverage
100%
Last Updated
Apr 17, 2024
Priority CVE Quick Links

Fast paths into SAML Single Sign On – SSO Login CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
4
CVE-2022-4496 Medium 16.0.8
CVE-2022-4496 SAML Single Sign On – SSO Login Vulnerability

SAML Single Sign On – SSO Login Premium Multisite < 20.0.7 - Open Redirect

CVE-2020-6850 Medium 4.8.84
CVE-2020-6850 SAML Single Sign On – SSO Login Cross-Site Scripting

SAML Single Sign On – SAML SSO Login <= 4.8.83 - Cross-Site Scripting

CVE-2019-12346 Medium 4.8.73
CVE-2019-12346 SAML Single Sign On – SSO Login Cross-Site Scripting

SAML Single Sign On – SAML SSO Login < 4.8.73 - Cross-Site Scripting

CVE-2023-41873 Medium 5.0.5
CVE-2023-41873 SAML Single Sign On – SSO Login Vulnerability

SAML SP Single Sign On <= 5.0.4 - Missing Authorization to notice dismissal

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for SAML Single Sign On – SSO Login so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
6 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 1 high severity finding.
Recent CVEs
CVE-2023-41873 and CVE-2022-4496
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for SAML Single Sign On – SSO Login

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2023-41873
CVE-2023-41873: SAML SP Single Sign On <= 5.0.4 - Missing Authorization to notice dismissal

The SAML SP Single Sign On plugin for WordPress is vulnerable to unauthorized notice dismissal due to a missing capability check on the close_welcome_modal function in versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with subscriber-level...

Published
Sep 05, 2023
Patched Release
5.0.5
Affected Versions
Versions up to 5.0.4
Next Step
Update to 5.0.5 or newer if supported.
Open CVE-2023-41873 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-4496
CVE-2022-4496: SAML Single Sign On – SSO Login Premium Multisite < 20.0.7 - Open Redirect

The SSO Login Premium Multisite plugin for WordPress is vulnerable to Open Redirect in versions up to, and including, 20.0.7 due to missing validation of its redirect parameter. This makes it possible for an attacker to redirect authenticated users. This vulnerability also affect...

Published
Jan 06, 2023
Patched Release
16.0.8
Affected Versions
16 up to before 16.0.8
Next Step
Update to 16.0.8 or newer if supported.
Open CVE-2022-4496 Report Open CVE Reference
Plugin Medium Patched: Yes
SAML Single Sign On – SAML SSO Login <= 4.9.20 - Reflected Cross-Site Scripting

The SAML Single Sign On – SAML SSO Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in versions up to, and including, 4.9.20. This makes it possible for unauthenticated attackers to...

Published
Jun 06, 2022
Patched Release
4.9.21
Affected Versions
Versions up to 4.9.20
Next Step
Update to 4.9.21 or newer if supported.
Open Full Report
Plugin Medium Patched: Yes CVE-2020-6850
CVE-2020-6850: SAML Single Sign On – SAML SSO Login <= 4.8.83 - Cross-Site Scripting

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.

Published
Jan 28, 2020
Patched Release
4.8.84
Affected Versions
Versions up to 4.8.83
Next Step
Update to 4.8.84 or newer if supported.
Open CVE-2020-6850 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2019-12346
CVE-2019-12346: SAML Single Sign On – SAML SSO Login < 4.8.73 - Cross-Site Scripting

In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.

Published
May 27, 2019
Patched Release
4.8.73
Affected Versions
Versions before 4.8.73
Next Step
Update to 4.8.73 or newer if supported.
Open CVE-2019-12346 Report Open CVE Reference
Plugin High Patched: Yes
SAML Single Sign On – SAML SSO Login <= 4.8.75 - Cross-Site Request Forgery

The SAML Single Sign On plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.75. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to gain otherwise restricted access to adm...

Published
May 20, 2019
Patched Release
4.8.76
Affected Versions
Versions up to 4.8.75
Next Step
Update to 4.8.76 or newer if supported.
Open Full Report