After a low-risk vulnerability was recently discovered in the WP SAML Auth plugin, Pantheon released version 2.1.4 with a patch. We recommend updating the plugin as soon as possible.
Vulnerability description:
When WordPress authentication is turned off, POST requests to the WP login URL still provide an authentication cookie. A valid WordPress username and password are required in order to receive the authentication cookie.