Authentication Bypass Vulnerability in WordPress SAML Single Sign-On Plugin by miniOrange
CVE-2026-15013
9.8CRITICAL
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 16 July 2026
What is CVE-2026-15013?
The SAML Single Sign-On plugin for WordPress, developed by miniOrange, is vulnerable to an authentication bypass due to improper handling of the SAML Signature Algorithm attribute. The vulnerability arises when the mo_saml_cast_key() function directly utilizes the SignatureMethod attribute from the potentially manipulated SAMLResponse parameter, bypassing the local security configurations. This flaw allows attackers to forge SAML assertions targeting any user account, including administrators, thereby gaining access to valid authentication cookies and achieving full administrative control over WordPress sites.
Affected Version(s)
SAML Single Sign On β SSO Login 0 <= 5.4.3