Vulnerability Details CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.8%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://wordpress.org/plugins/miniorange-saml-20-single-sign-on/#developers
- https://zeroauth.ltd/blog/
- https://zeroauth.ltd/blog/2020/01/28/cve-2020-6850-miniorange-saml-wp-plugin-before-4-8-84-is-vulnerable-to-xss-via-a-specially-crafted-saml-xml-response/
- https://wordpress.org/plugins/miniorange-saml-20-single-sign-on/#developers
- https://zeroauth.ltd/blog/
- https://zeroauth.ltd/blog/2020/01/28/cve-2020-6850-miniorange-saml-wp-plugin-before-4-8-84-is-vulnerable-to-xss-via-a-specially-crafted-saml-xml-response/
Products affected by CVE-2020-6850
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:-
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.23
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.24
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.25
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.26
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.27
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.28
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.30
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.31
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.32
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.33
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.34
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.35
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.40
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.41
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.42
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.43
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.44
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.50
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.51
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.52
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.60
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.61
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.62
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.63
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.64
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.65
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.66
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.67
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.68
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.69
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.70
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.71
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.72
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.73
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.74
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.75
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.76
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.77
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.78
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.79
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.80
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.81
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.82
-
cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.83