We found results for “”
CVE-2023-3447
Good to know:
Date: June 29, 2023
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.
Language: PHP
Severity Score
Related Resources (4)
Severity Score
Weakness Type (CWE)
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CWE-90Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |