CVE-2022-4496
Published: 30 January 2023
Summary
CVE-2022-4496 is a medium-severity vulnerability, with no weakness type specified, in miniOrange SAML SP Single Sign On. Its CVSS base score is 6.1 (Medium).
Operationally, it ranks at the 49.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-51837
Vulnerability details
The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 do not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.