jgreidy
commented
11 months ago Building new upstream. Including other plugin updates compatible with current WordPress version.
Closed jgreidy closed 8 months ago
jgreidy
commented
11 months ago Building new upstream. Including other plugin updates compatible with current WordPress version.
sarah-cul
commented
8 months ago v2.4.2 of the upstream, we updated this plugin "pantheon-systems/wp-saml-auth": "2.1.4"
After a low-risk vulnerability was recently discovered in the WP SAML Auth plugin, Pantheon released version 2.1.4 with a patch. We recommend updating the plugin as soon as possible.
Vulnerability description: When WordPress authentication is turned off, POST requests to the WP login URL still provide an authentication cookie. A valid WordPress username and password are required in order to receive the authentication cookie.