All-in-One Microsoft 365 & Entra ID/Azure AD SSO Login Authentication Bypass Vulnerability

Vulnerability

A vulnerability allowing authentication bypass has been identified in the All-in-One Microsoft 365 & Entra ID/Azure AD SSO Login plugin for WordPress, affecting all versions through 2.2.5. This vulnerability enables unauthenticated attackers to bypass authentication mechanisms and log in as other users, including those with administrative privileges.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling attackers to log in as other users, potentially including administrators.

Remediation

Users are advised to update the plugin to version 2.2.6 or a newer patched version.

Added: Mar 3, 2026, 2:18 AM
Updated: Mar 3, 2026, 2:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.1
remediation: 0.0
relevance: 3.4
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.