Authentication Bypass Vulnerability in WordPress SAML Single Sign-On Plugin by miniOrange
CVE-2026-15013

9.8CRITICAL

Key Information:

Vendor

WordPress

Vendor
CVE Published:
16 July 2026

What is CVE-2026-15013?

The SAML Single Sign-On plugin for WordPress, developed by miniOrange, is vulnerable to an authentication bypass due to improper handling of the SAML Signature Algorithm attribute. The vulnerability arises when the mo_saml_cast_key() function directly utilizes the SignatureMethod attribute from the potentially manipulated SAMLResponse parameter, bypassing the local security configurations. This flaw allows attackers to forge SAML assertions targeting any user account, including administrators, thereby gaining access to valid authentication cookies and achieving full administrative control over WordPress sites.

Affected Version(s)

SAML Single Sign On – SSO Login 0 <= 5.4.3

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lhking
.