Vulnerabilities > Onelogin > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-22 | CVE-2016-10928 | Use of Hard-coded Credentials vulnerability in Onelogin Saml SSO The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users. | 7.5 |
| 2017-01-23 | CVE-2016-5697 | XML Injection (aka Blind XPath Injection) vulnerability in Onelogin Ruby-Saml Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors. | 7.5 |