WordPress Plugin Vulnerabilities

OneLogin SAML SSO <= 2.1.5 - Authentication Bypass

Description

The OneLogin SAML SSO WordPress plugin was affected by an Authentication Bypass security vulnerability.

Affects Plugins

Plugin icon
onelogin-saml-sso
Fixed in 2.1.6

References

URL
https://hackerone.com/reports/136169
URL
https://github.com/onelogin/wordpress-saml/commit/b102b16ce29ed92d2c4677ca491c6bbe33ee25fa

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
9f87f7b1-aecc-4abf-9dd0-078815f16d7e

Timeline

Publicly Published
2016-06-06 (about 9 years ago)
Added
2016-06-06 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2022-09-05
Title
OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass
Published
2014-08-01
Title
LayerSlider 4.6.1 - Remote Path Traversal File Access
Published
2025-10-03
Title
OAuth Single Sign On < 6.26.13 - Authentication Bypass
Published
2025-02-06
Title
Nextend Social Login Pro < 3.1.17 - Authentication Bypass via Apple OAuth provider
Published
2025-01-06
Title
PayU CommercePro Plugin < 3.8.4 - Unauthenticated Privilege Escalation