CVE-2022-4496

EUVD-2022-51837
The SAML SSO Standard WordPress plugin (versions 16.0.0 up to but not including 16.0.8), the SAML SSO Premium WordPress plugin (versions 12.0.0 up to but not including 12.1.0) and the SAML SSO Premium Multisite WordPress plugin (versions 20.0.0 up to but not including 20.0.7) do not validate that the redirect parameter passed to their SSO login endpoint points to an internal site URL. This makes them vulnerable to an Open Redirect issue when the user is already logged in.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.1 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| CISA-ADP | ADP | 6.1 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Base Score: CVSS 3.x

EPSS Score percentile: 48%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| miniorange | saml_sp_single_sign_on | 12.0.0 ≤ x < 12.1.0 |
| miniorange | saml_sp_single_sign_on | 16.0.0 ≤ x < 16.0.8 |
| miniorange | saml_sp_single_sign_on | 20.0.0 ≤ x < 20.0.7 |

x = vulnerable software versions