[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faGI4aP9FfOUTKRw63YdTjBnU4a0SZA94j_kEQfyk1pw":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-c5a5c209-0ccd-4fa9-b22d-05bb22247441-onelogin-saml-sso","onelogin-saml-sso-plugin-authentication-bypass","OneLogin SAML-SSO Plugin \u003C 2.1.6 - Authentication Bypass","The OneLogin SAML-SSO plugin for WordPress is vulnerable to authentication bypass due to insufficient user validation in the ~\u002Fonelogin-saml-sso\u002Fonelogin_saml.php file in versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create new accounts, including administrator accounts if an existing administrator's role name, username, or email address is correctly guessed.","onelogin-saml-sso",null,"\u003C2.1.6","2.1.6","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Authentication","2016-06-06 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc5a5c209-0ccd-4fa9-b22d-05bb22247441?source=api-prod",2787]