WordPress Plugin Vulnerabilities

SAML SP SSO < 4.8.74 - Multiple Cross-Site Request Forgery (CSRF)

Description

The SAML Single Sign On – SSO Login WordPress plugin was affected by a Multiple Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
miniorange-saml-20-single-sign-on
Fixed in 4.8.74

References

URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=2091487%40miniorange-saml-20-single-sign-on&old=2067632%40miniorange-saml-20-single-sign-on

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Verified
No
WPVDB ID
7f92698e-3e18-4236-b7eb-a1215275e853

Timeline

Publicly Published
2019-05-16 (about 6 years ago)
Added
2019-06-19 (about 6 years ago)
Last Updated
2019-06-27 (about 6 years ago)

Other

Published
Title
Published
2025-01-29
Title
WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File Deletion
Published
2025-02-13
Title
ClickWhale < 2.4.4 - Cross-Site Request Forgery
Published
2025-05-07
Title
LiveAgent < 4.4.8 - Cross-Site Request Forgery
Published
2025-09-26
Title
Professional Contact Form <= 1.0.0 - Cross-Site Request Forgery to Test Email Sending
Published
2022-10-29
Title
Forms by CaptainForm <= 2.5.3 - CSRF