Skip to main content

Active Directory Integration Ldap Integration

6 CVEs product

Monthly

CVE-2023-5003 HIGH POC THREAT This Week

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Active Directory Integration Ldap Integration
NVD WPScan
CVSS 3.1
7.5
EPSS
25.9%
CVE-2023-4506 LOW POC Monitor

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Active Directory Integration Ldap Integration
NVD VulDB
CVSS 3.1
2.2
EPSS
0.4%
CVE-2023-3447 HIGH PATCH This Week

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure WordPress LDAP Code Injection Active Directory Integration Ldap Integration
NVD VulDB
CVSS 3.1
7.6
EPSS
0.6%
CVE-2023-2599 LOW PATCH Monitor

The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

SQLi WordPress CSRF Denial Of Service Active Directory Integration Ldap Integration
NVD VulDB
CVSS 3.1
3.1
EPSS
0.1%
CVE-2023-2484 HIGH PATCH This Week

The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Active Directory Integration Ldap Integration
NVD VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-0812 HIGH POC This Week

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Active Directory Integration Ldap Integration
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
EPSS 26% CVSS 7.5
HIGH POC THREAT This Week

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Active Directory Integration Ldap Integration
NVD WPScan
EPSS 0% CVSS 2.2
LOW POC Monitor

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Active Directory Integration Ldap Integration
NVD VulDB
EPSS 1% CVSS 7.6
HIGH PATCH This Week

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure WordPress LDAP +2
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

SQLi WordPress CSRF +2
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Active Directory Integration Ldap Integration
NVD VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Active Directory Integration Ldap Integration
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy