WordPress Plugin Vulnerabilities

OneLogin SAML SSO <= 2.4.2 - Signature Wrapping

Description

OneLogin SAML SSO updates php-saml library to 2.10.0 (it includes SAML Signature Wrapping attack prevention and other security improvements).

Affects Plugins

Plugin icon
onelogin-saml-sso
Fixed in 2.4.3

References

URL
https://github.com/onelogin/wordpress-saml/releases/tag/2.4.3

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287

Miscellaneous

Submitter
Sixto Martin
Verified
No
WPVDB ID
57fc5071-e157-422e-b45c-2fb0150de6b9

Timeline

Publicly Published
2016-10-14 (about 9 years ago)
Added
2016-10-17 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-11-18
Title
YITH WooCommerce Wishlist < 4.10.1 - Wishlist Item Deletion via Wishlist Token Disclosure
Published
2023-06-04
Title
WP User Switch < 1.0.3 - Subscriber+ Authentication Bypass
Published
2026-03-11
Title
Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass
Published
2020-01-14
Title
Backup and Staging by WP Time Capsule < 1.21.16 - Authentication Bypass
Published
2024-10-15
Title
UltimateAI <= 2.8.3 - Limited User Password Reset