
Byte Open Security

(ByteOS Network)

NVD Vulnerability Details: CVE-2022-4496
Modified
Source: contact@wpscan.com
Published At: 30 Jan, 2023 | 21:15
Updated At: 28 Mar, 2025 | 14:15

The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 do not validate that the redirect parameter to their SSO login endpoint points to an internal site URL, making them vulnerable to an Open Redirect issue when the user is already logged in.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Secondary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CPE Matches

miniorange >> saml_sp_single_sign_on >> Versions from 12.0.0 (inclusive) to 12.1.0 (exclusive)
cpe:2.3:a:miniorange:saml_sp_single_sign_on:*:*:*:*:premium:wordpress:*:*

miniorange >> saml_sp_single_sign_on >> Versions from 16.0.0 (inclusive) to 16.0.8 (exclusive)
cpe:2.3:a:miniorange:saml_sp_single_sign_on:*:*:*:*:standard:wordpress:*:*

miniorange >> saml_sp_single_sign_on >> Versions from 20.0.0 (inclusive) to 20.0.7 (exclusive)
cpe:2.3:a:miniorange:saml_sp_single_sign_on:*:*:*:*:multisite:wordpress:*:*
References
Hyperlink: https://wpscan.com/vulnerability/af2e30c7-0787-4fe2-97ee-bc616f7178a1
Source: contact@wpscan.com
Resource: Third Party Advisory

Hyperlink: https://wpscan.com/vulnerability/be21f355-0e5b-4ad7-9d8f-85e9a0101ddc
Source: contact@wpscan.com
Resource: Third Party Advisory

Hyperlink: https://wpscan.com/vulnerability/e6c4c8c7-1dcd-45bf-8582-f12accca6fac
Source: contact@wpscan.com
Resource: Third Party Advisory

Hyperlink: https://wpscan.com/vulnerability/af2e30c7-0787-4fe2-97ee-bc616f7178a1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Third Party Advisory

Hyperlink: https://wpscan.com/vulnerability/be21f355-0e5b-4ad7-9d8f-85e9a0101ddc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Third Party Advisory

Hyperlink: https://wpscan.com/vulnerability/e6c4c8c7-1dcd-45bf-8582-f12accca6fac
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Third Party Advisory
Change History
0 changes found