CVE-2026-15013 in SAML Single Sign On PluginИнформация

Сводка

по MITRE • 16.07.2026

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because `Mo_SAML_Utilities::mo_saml_cast_key()` reads the `SignatureMethod` Algorithm attribute directly from the attacker-controlled `SAMLResponse` parameter rather than enforcing the locally configured algorithm, causing the plugin to recast the IdP's RSA public key as an HMAC-SHA1 shared secret and validate the forged signature against it. This makes it possible for unauthenticated attackers to forge a SAML assertion targeting any WordPress account — including administrators — obtain valid WordPress authentication cookies, and achieve full administrator-level account takeover.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Ответственный

Wordfence

Резервировать

08.07.2026

Раскрытие

16.07.2026

Модерация

принято

Вход

VDB-379465

EPSS

0.00000

KEV

Нет

Деятельности

Очень низкий

Сектор

Hostingprovider

Источники

Might our Artificial Intelligence support you?

Check our Alexa App!