PT-2026-60407 · WordPress · Saml Single Sign On – Sso Login

Lhking

·

Published

2026-07-16

·

Updated

2026-07-16

·

CVE-2026-15013

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions SAML Single Sign On – SSO Login plugin for WordPress versions prior to 5.4.4
Description An authentication bypass exists due to SAML Signature Algorithm Confusion. The Mo SAML Utilities::mo saml cast key() function reads the SignatureMethod attribute directly from the attacker-controlled SAMLResponse parameter instead of enforcing the locally configured algorithm. This allows the plugin to recast the Identity Provider's RSA public key as an HMAC-SHA1 shared secret and validate a forged signature against it. Consequently, unauthenticated attackers can forge a SAML assertion for any account, including administrators, to obtain valid authentication cookies and achieve full account takeover.
Recommendations Update the plugin to version 5.4.4 or later.

Fix

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15013

Affected Products

Saml Single Sign On – Sso Login