
SAML IDP (Identity Provider) – Login with Website Users Security & Risk Analysis
wordpress.org/plugins/miniorange-wp-as-saml-idpSingle sign on (SSO) login with WordPress Users into any Service Provider like Tableau, Thinkific, Zoom, Moodle LMS, Canvas LMS, Absorb LMS, TalentLMS
Is SAML IDP (Identity Provider) – Login with Website Users Safe to Use in 2026?
Generally Safe
Score 98/100SAML IDP (Identity Provider) – Login with Website Users has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The miniOrange WP as SAML IDP plugin (v1.16.5) exhibits a generally strong security posture, particularly in its handling of direct entry points like AJAX, REST API, and shortcodes, which are reported as completely absent or properly secured. The extensive use of prepared statements for SQL queries (69%) and a very high percentage of properly escaped output (98%) are excellent indicators of good secure coding practices. File operations and external HTTP requests are also present but limited. The presence of a nonce check and capability checks further bolsters its defenses against common WordPress vulnerabilities.
However, concerns arise from the taint analysis, specifically a high-severity flow with unsanitized paths. This suggests a potential weakness where user-supplied input might be used in a way that could lead to path traversal or other file system-related vulnerabilities, despite the low total number of file operations. The plugin's vulnerability history is also a notable concern. While there are no currently unpatched CVEs, the existence of two past vulnerabilities, one high and one medium severity, categorized as SQL Injection and Cross-Site Scripting, indicates a recurring need for vigilant security patching and review. This history, combined with the identified taint flow, suggests that while the developers are implementing good general security measures, specific areas may require more robust sanitization and validation.
In conclusion, the miniOrange WP as SAML IDP plugin benefits from strong defensive coding in many areas, particularly regarding input and output handling and attack surface reduction. The absence of unpatched vulnerabilities at present is positive. Nevertheless, the high-severity taint flow and the historical pattern of SQL Injection and XSS vulnerabilities warrant careful attention and suggest that further hardening in specific input validation and path handling mechanisms would be beneficial.
Key Concerns
- High severity taint flow with unsanitized paths
- Past high severity vulnerability (SQL Injection)
- Past medium severity vulnerability (XSS)
- SQL queries not using prepared statements (31%)
- Bundled library (Select2) - potential outdated version
SAML IDP (Identity Provider) – Login with Website Users Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Login using WordPress Users ( WP as SAML IDP ) <= 1.15.6 - Authenticated (Administrator+) SQL Injection
Login using WordPress Users (WP as SAML IDP) <= 1.13.2 - Authenticated (Admin+) Cross-Site Scripting
SAML IDP (Identity Provider) – Login with Website Users Release Timeline
SAML IDP (Identity Provider) – Login with Website Users Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
SAML IDP (Identity Provider) – Login with Website Users Attack Surface
WordPress Hooks 12
Maintenance & Trust
SAML IDP (Identity Provider) – Login with Website Users Maintenance & Trust
Maintenance Signals
Community Trust
SAML IDP (Identity Provider) – Login with Website Users Alternatives
SAML IDP – Login with WordPress Users via SAML SSO
saml-identity-provider-by-wpintegrals
‼️ Important - This plugin is deprecated and no longer maintained.
BlossomThemes Toolkit
blossomthemes-toolkit
BlossomThemes Toolkit provides you necessary widgets for better and effective blogging.
Login for Google Apps
google-apps-login
Simple secure login and user management through your Google Workspace for WordPress (using oAuth2 and MFA if enabled).
SAML Single Sign On – SSO Login
miniorange-saml-20-single-sign-on
SAML SSO (Single Sign On) for WordPress Login with Okta, Entra ID, Azure AD/B2C, G-Suite, Shibboleth, OneLogin, Keycloak, Salesforce [24/7 Support]
WPO365 | SEAMLESS WORDPRESS + MICROSOFT INTEGRATION (WPO365 | LOGIN)
wpo365-login
WordPress + Microsoft Entra | Ext. ID | B2C | M365 Integration for your Digital Workplace. For SSO, Mail, Roles, Access, Profiles, SharePoint, PowerBI …
SAML IDP (Identity Provider) – Login with Website Users Developer Profile
41 plugins · 83K total installs
How We Detect SAML IDP (Identity Provider) – Login with Website Users
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/miniorange-wp-as-saml-idp/css/sso-main-style.css/wp-content/plugins/miniorange-wp-as-saml-idp/css/select2.min.css/wp-content/plugins/miniorange-wp-as-saml-idp/js/sso-main-script.js/wp-content/plugins/miniorange-wp-as-saml-idp/js/select2.min.jsminiorange-wp-as-saml-idp/css/sso-main-style.css?ver=miniorange-wp-as-saml-idp/css/select2.min.css?ver=miniorange-wp-as-saml-idp/js/sso-main-script.js?ver=miniorange-wp-as-saml-idp/js/select2.min.js?ver=HTML / DOM Fingerprints
mo_idp_feedback_formmo_idp_login_message<!-- Added by "SAML IDP (Identity Provider)" plugin -->data-plugin-name="miniorange-wp-as-saml-idp"window.moidp_login_error_messagewindow.moidp_login_success_messagewindow.moidp_invalid_cert_error