Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
miniorange saml vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-4496
The SAML SSO Standard WordPress plugin version 16.0.0 prior to 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 prior to 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 prior to 20.0.7 does not validate that the redirect parameter to its SSO login en...
Miniorange Miniorange Wordpress Saml Sso Standard
Miniorange Miniorange Wordpress Saml Sso Premium
Miniorange Miniorange Wordpress Saml Sso Premium Mulsitesite
Miniorange Saml Sp Single Sign On
5.4
CVSSv3
CVE-2021-36785
The miniorange_saml (aka Miniorange Saml) extension prior to 1.4.3 for TYPO3 allows XSS.
Miniorange Saml
7.5
CVSSv3
CVE-2021-36786
The miniorange_saml (aka Miniorange Saml) extension prior to 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
Miniorange Saml
8.8
CVSSv3
CVE-2022-26493
Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the S...
Xecuify Drupal 8 Miniorange Saml Sp
Xecuify Drupal 9 Miniorange Saml Sp
Xecuify Drupal 7 Miniorange Saml Sp
Drupal Saml Sp 2.0 Single Sign On
6.1
CVSSv3
CVE-2019-12346
In the miniOrange SAML SP Single Sign On plugin prior to 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.
Miniorange Saml Sp Single Sign On
6.1
CVSSv3
CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin prior to 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.
Miniorange Saml Sp Single Sign On
4.3
CVSSv3
CVE-2023-41873
Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a up to and including 5.0.4.
Miniorange Saml Sp Single Sign On
4.8
CVSSv3
CVE-2022-1010
The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin prior to 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disall...
Unknown Login Using Wordpress Users ( Wp As Saml Idp )
Miniorange Login Using Wordpress Users
3.7
CVSSv3
CVE-2023-32994
Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and previous versions unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these con...
Jenkins Project Jenkins Saml Single Sign On(sso) Plugin
Jenkins Saml Single Sign On
4.8
CVSSv3
CVE-2023-32993
Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and previous versions does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.
Jenkins Project Jenkins Saml Single Sign On(sso) Plugin
Jenkins Saml Single Sign On
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
jasmin ransomware
CVE-2025-6110
code execution
CVE-2025-21420
reflected XSS
CVE-2025-5336
wp url shortener
CVE-2025-49113
gr-5400ax
overflow
CVE-2025-6062
letta-ai
CVE-2025-50143
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
Vulmon