Description
The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.
Remediation
References
Related Vulnerabilities
WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Multiple Vulnerabilities (3.3.0)
WordPress Plugin Job Board by BestWebSoft Cross-Site Scripting (1.1.3)
WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.51)
WordPress Plugin Shortcode Redirect 'domain' Parameter Cross-Site Scripting (1.0.01)
WordPress Plugin Collapse-O-Matic Cross-Site Scripting (1.8.2)