CVE-2022-4496

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 30-01-2023 10:15

Last modified: - 30-01-2023 10:15

Total changes: - 1

Description

The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in.

Common Vulnerability Scoring System (CVSS)

Attack complexity

Attack vector

Availability

Confidentiality

Integrity

Privileges required

Scope

User interaction

Base score

Exploitability score

Impact score

Verification logic

Reference

https://wpscan.com/vulnerability/be21f355-0e5b-4ad7-9d8f-85e9a0101ddc
https://wpscan.com/vulnerability/e6c4c8c7-1dcd-45bf-8582-f12accca6fac
https://wpscan.com/vulnerability/af2e30c7-0787-4fe2-97ee-bc616f7178a1

Keywords

CVE-2022-4496

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-4496

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures