WordPress Plugin Vulnerabilities
miniOrange WordPress SAML SSO Premium Multisite < 20.0.7 - Open Redirect in SSO login
Description
The plugin does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in.
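The missing check, sketched as an added example (not the plugin's code and not taken from the original entry): a redirect value is accepted only if it is a site-relative path or an absolute URL on the site's own host, and anything else is replaced by a fallback. The function name, site URL and sample values are constructed for illustration. In WordPress code, the core helpers `wp_validate_redirect()` and `wp_safe_redirect()` serve this purpose.

```php
<?php
// Added example, not the plugin's code. All names and URLs below are constructed.

/** Return $target if it stays on the site at $siteUrl, otherwise $fallback. */
function internal_redirect_or_fallback(string $target, string $siteUrl, string $fallback): string
{
    // Browsers treat "\" as "/" and strip control characters, so refuse both
    // instead of guessing how the URL will be normalised.
    if ($target === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
        return $fallback;
    }
    // Site-relative path. "//host/path" is protocol-relative and leaves the site.
    if ($target[0] === '/') {
        return strncmp($target, '//', 2) === 0 ? $fallback : $target;
    }
    $t = parse_url($target);
    $s = parse_url($siteUrl);
    if (!is_array($t) || !is_array($s) || !isset($t['scheme'], $t['host'], $s['host'])) {
        return $fallback; // unparsable, or no scheme and host to compare
    }
    if (!in_array(strtolower($t['scheme']), ['http', 'https'], true)) {
        return $fallback; // ftp:// and other non-web schemes
    }
    if (isset($t['user']) || isset($t['pass'])) {
        return $fallback; // userinfo before the host hides the real destination
    }
    // Exact host match: no suffix or substring comparison.
    if (strcasecmp($t['host'], $s['host']) !== 0) {
        return $fallback;
    }
    // Ports must agree as well (both absent counts as equal).
    if (($t['port'] ?? null) !== ($s['port'] ?? null)) {
        return $fallback;
    }
    return $target;
}

$site = 'https://sso.example.test';             // constructed site URL
$samples = [                                     // constructed redirect values
    '/wp-admin/',
    'https://sso.example.test/dashboard',
    'https://other.example.net/',
    '//other.example.net/',
    'https://sso.example.test.other.example.net/',
    'https://sso.example.test@other.example.net/',
];
foreach ($samples as $value) {
    printf("%-48s => %s\n", $value, internal_redirect_or_fallback($value, $site, $site . '/'));
}
```

Because the entry says the redirect fires when the user is already logged in, the check belongs on that code path too, not only on the path that completes a fresh SSO login.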
Affects Plugins
References
CVE
Classification
Type
REDIRECT
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Chirag Ketan Prajapati
Submitter
Harsh Tiwari
Submitter website
Verified
No
WPVDB ID
Timeline
Publicly Published
2023-01-06
Added
2023-01-06
Last Updated
2023-03-21