WordPress Plugin Vulnerabilities

SAML SP Single Sign On < 4.8.84 - Cross-Site Scripting (XSS) via Crafted SAML XML Response

Description

The SAML Single Sign On – SSO Login WordPress plugin was affected by a Cross-Site Scripting (XSS) via Crafted SAML XML Response security vulnerability.

Affects Plugins

Plugin icon
miniorange-saml-20-single-sign-on
Fixed in 4.8.84

References

CVE
CVE-2020-6850
URL
https://zeroauth.ltd/blog/2020/01/28/cve-2020-6850-miniorange-saml-wp-plugin-before-4-8-84-is-vulnerable-to-xss-via-a-specially-crafted-saml-xml-response/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Zeroauth
Verified
No
WPVDB ID
87e87506-1b92-4db7-ada1-f1e3c9f26b0c

Timeline

Publicly Published
2020-01-28 (about 6 years ago)
Added
2020-02-17 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-08-29
Title
Social Media & Share Icons < 2.8.4 - Reflected XSS
Published
2014-08-01
Title
Widget Control Powered By Everyblock 1.0.1 - wp-admin/admin.php idDropdown Parameter XSS Weakness
Published
2025-07-20
Title
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor < 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Published
2025-01-16
Title
Gateway for Pasargad Bank <= 2.5.2 - Reflected Cross-Site Scripting
Published
2024-06-28
Title
Events Manager < 6.4.9 - Reflected Cross-Site Scripting