PT-2026-60407 · WordPress · Saml Single Sign On – Sso Login
Lhking
·
Published
2026-07-16
·
Updated
2026-07-16
·
CVE-2026-15013
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAML Single Sign On – SSO Login plugin for WordPress versions prior to 5.4.4
Description
An authentication bypass exists due to SAML Signature Algorithm Confusion. The
Mo SAML Utilities::mo saml cast key() function reads the SignatureMethod attribute directly from the attacker-controlled SAMLResponse parameter instead of enforcing the locally configured algorithm. This allows the plugin to recast the Identity Provider's RSA public key as an HMAC-SHA1 shared secret and validate a forged signature against it. Consequently, unauthenticated attackers can forge a SAML assertion for any account, including administrators, to obtain valid authentication cookies and achieve full account takeover.Recommendations
Update the plugin to version 5.4.4 or later.
Fix
Improper Verification of Cryptographic Signature
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Saml Single Sign On – Sso Login