The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-29T04:28:35.916Z
Updated: 2024-11-26T19:32:37.110Z
Reserved: 2023-06-28T16:19:19.045Z
Link: CVE-2023-3447
Vulnrichment
Updated: 2024-08-02T06:55:03.573Z
NVD
Status : Modified
Published: 2023-06-29T05:15:14.177
Modified: 2024-11-21T08:17:17.437
Link: CVE-2023-3447
Redhat
No data.