CVE-2019-12346: XSS
First published: Mon Jun 24 2019(Updated: )
In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| miniOrange SAML SP Single Sign On | <4.8.73 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-12346?
CVE-2019-12346 is a vulnerability in the miniOrange SAML SP Single Sign On plugin for WordPress that allows for XSS attacks via a specially crafted SAMLResponse XML post.
How does CVE-2019-12346 impact WordPress websites?
CVE-2019-12346 allows attackers to execute malicious code through XSS attacks on WordPress websites that have the vulnerable miniOrange SAML SP Single Sign On plugin.
What is the severity rating of CVE-2019-12346?
CVE-2019-12346 has a severity rating of 6.1 (Medium).
How can I fix CVE-2019-12346?
To fix CVE-2019-12346, users should update the miniOrange SAML SP Single Sign On plugin to version 4.8.73 or higher.
Where can I find more information about CVE-2019-12346?
More information about CVE-2019-12346 can be found at the following references: [Reference 1](https://wpvulndb.com/vulnerabilities/9397) and [Reference 2](https://zeroauth.ltd/blog/2019/05/27/cve-2019-12346-miniorange-saml-sp-single-sign-on-wordpress-plugin-xss/).
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/miniorange
- canonical/miniorange saml sp single sign on