Cross-Site Scripting (XSS) Vulnerability in miniOrange SAML SP Single Sign On Plugin for WordPress

Cross-Site Scripting (XSS) Vulnerability in miniOrange SAML SP Single Sign On Plugin for WordPress

CVE-2019-12346 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.

Learn more about our Wordpress Pen Testing.