CVE-2022-4496

Summary

CVE	CVE-2022-4496
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-01-30 21:15:00 UTC
Updated	2023-11-07 03:57:00 UTC
Description	The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in.

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Miniorange	Saml Sp Single Sign On	All	All	All	All
Application	Miniorange	Saml Sp Single Sign On	All	All	All	All
Application	Miniorange	Saml Sp Single Sign On	All	All	All	All

References

Reference	Source	Link	Tags
miniOrange WordPress SAML SSO Premium < 12.1.0 - Open Redirect in SSO login WordPress Security Vulnerability	MISC	wpscan.com
miniOrange WordPress SAML SSO Standard < 16.0.8 - Open Redirect in SSO login WordPress Security Vulnerability	MISC	wpscan.com
miniOrange WordPress SAML SSO Premium Multisite < 20.0.7 - Open Redirect in SSO login WordPress Security Vulnerability	MISC	wpscan.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.