Vulnerability Description
The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 do not validate that the redirect parameter to their SSO login endpoint points to an internal site URL, making them vulnerable to an Open Redirect issue when the user is already logged in.
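The missing check described above is a same-host validation of the redirect target. The following is an added example (not the plugin's code, and not the fix the vendor shipped) of how an SSO endpoint can validate a redirect parameter before sending an already-authenticated user on; the host name `sso.example` and the function names are assumptions.

```php
<?php
// Added example, not part of the plugin: accept a redirect target only when it
// stays on this site. $site_host is the host the application is served from.
function is_internal_redirect(string $target, string $site_host): bool {
    if ($target === '' || strpbrk($target, "\r\n\0") !== false) {
        return false; // empty, or characters that could break the Location header
    }
    // Protocol-relative and backslash-prefixed forms ("//other.example",
    // "/\other.example") are treated as cross-host navigations by browsers.
    if (preg_match('#^[\\\\/]{2}#', $target) === 1) {
        return false;
    }
    // A plain site-relative path such as "/wp-admin/" stays on this host.
    if ($target[0] === '/') {
        return true;
    }
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // malformed, or a scheme without a host (e.g. "javascript:")
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }
    // parse_url() puts "sso.example@other.example" host as "other.example",
    // so userinfo-prefixed URLs fail this comparison as they should.
    return strtolower($parts['host']) === strtolower($site_host);
}

// Fall back to a fixed internal page whenever the requested target is not ours.
function sso_redirect_target(string $requested, string $site_host, string $fallback = '/'): string {
    return is_internal_redirect($requested, $site_host) ? $requested : $fallback;
}

// Constructed inputs for a site served from sso.example (hypothetical host).
$cases = [
    '/wp-admin/'                        => true,
    'https://sso.example/dashboard'     => true,
    'https://other.example/login'       => false,
    '//other.example'                   => false,
    '/\\other.example'                  => false,
    'https://sso.example@other.example' => false,
    'javascript:void(0)'                => false,
];
foreach ($cases as $url => $expected) {
    assert(is_internal_redirect($url, 'sso.example') === $expected);
}
echo sso_redirect_target('https://other.example/login', 'sso.example'), PHP_EOL; // prints "/"
```

Inside WordPress itself, `wp_safe_redirect()` and `wp_validate_redirect()` in core apply an allowed-hosts policy of this kind, so a plugin that redirects based on a request parameter should go through them rather than `wp_redirect()` with the raw value.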
CVSS Score
6.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Miniorange | Saml Sp Single Sign On | >= 12.0.0, < 12.1.0 |
References
- https://wpscan.com/vulnerability/af2e30c7-0787-4fe2-97ee-bc616f7178a1 (Third Party Advisory)
- https://wpscan.com/vulnerability/be21f355-0e5b-4ad7-9d8f-85e9a0101ddc (Third Party Advisory)
- https://wpscan.com/vulnerability/e6c4c8c7-1dcd-45bf-8582-f12accca6fac (Third Party Advisory)
FAQ
What is CVE-2022-4496?
CVE-2022-4496 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 befor...
How severe is CVE-2022-4496?
CVE-2022-4496 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-4496?
Check the references section above for vendor advisories and patch information. Affected products include: Miniorange Saml Sp Single Sign On.