Description
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
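The missing check, as an added example (not Drupal's code): OpenID 2.0 requires the relying party to confirm that `openid.return_to` has the same scheme, authority and path as the URL receiving the assertion, and that every query parameter in it is present in the request with the same value. The function names, `rp.example` and the sample URLs are assumptions made for illustration; signature and nonce verification are separate steps not shown here.

```python
from urllib.parse import urlsplit, parse_qsl

DEFAULT_PORTS = {"http": 80, "https": 443}


def _authority_and_path(url):
    """Normalise scheme, userinfo, host, port and path for comparison."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    port = p.port or DEFAULT_PORTS.get(scheme)  # .port raises ValueError if malformed
    return scheme, p.username, p.password, (p.hostname or "").lower(), port, p.path or "/"


def return_to_matches(request_url, assertion):
    """True only if openid.return_to names the URL that received the assertion.

    request_url: full URL of the HTTP request the relying party is processing.
    assertion:   dict of the openid.* parameters taken from that request.
    """
    return_to = assertion.get("openid.return_to")
    if assertion.get("openid.mode") != "id_res" or not return_to:
        return False
    try:
        if _authority_and_path(return_to) != _authority_and_path(request_url):
            return False
    except ValueError:
        return False
    # Every query parameter in return_to must arrive with the same value.
    received = parse_qsl(urlsplit(request_url).query, keep_blank_values=True)
    expected = parse_qsl(urlsplit(return_to).query, keep_blank_values=True)
    return all(pair in received for pair in expected)


# Constructed sample data (hypothetical relying party rp.example).
REQUEST_URL = "https://rp.example/openid/authenticate?destination=user&openid.mode=id_res"
SAMPLES = {
    "same endpoint": "https://rp.example/openid/authenticate?destination=user",
    "different host": "https://other.example/openid/authenticate?destination=user",
    "different query value": "https://rp.example/openid/authenticate?destination=admin",
}

if __name__ == "__main__":
    for label, return_to in SAMPLES.items():
        ok = return_to_matches(REQUEST_URL, {"openid.mode": "id_res", "openid.return_to": return_to})
        print(f"{label}: {'accept' if ok else 'reject'}")
```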
Remediation
References