CVE-2026-15013

cyberlord92 · SAML Single Sign On – SSO Login

The SAML SSO plugin for WordPress is vulnerable to signature algorithm confusion, allowing unauthenticated attackers to forge assertions and gain administrative access.

Executive summary

A critical signature validation flaw in the SAML Single Sign On plugin allows unauthenticated attackers to bypass authentication and achieve full administrator-level account takeover.

Vulnerability

The plugin incorrectly uses user-provided SAML response data to determine the cryptographic signature algorithm, allowing an attacker to force the use of a weaker or mismatched algorithm. This enables the forging of SAML assertions that the plugin improperly validates, resulting in complete authentication bypass.

Business impact

This vulnerability carries a CVSS score of 9.8, reflecting the ease of exploitation and the severity of the outcome. An attacker can gain full administrative control over the WordPress instance, leading to total system compromise, data exfiltration, and the ability to inject malicious code into the site.

Remediation

Immediate Action: Update the SAML Single Sign On – SSO Login plugin to the latest available version provided by the vendor.

Proactive Monitoring: Review WordPress access logs for successful logins that did not originate from the expected Identity Provider (IdP) or show signs of unusual authentication parameters.

Compensating Controls: Temporarily disable the SAML SSO functionality if an immediate update is not feasible, forcing users to authenticate through standard WordPress mechanisms.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Given the critical nature of authentication bypass flaws, immediate patching is required. Security teams should prioritize this update to ensure that the SAML implementation remains secure against signature forgery attempts.