Page 2 of 6 results (0.005 seconds)
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0812 – Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure
https://notcve.org/view.php?id=CVE-2023-0812
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0 via the 'test_attribute_configuration'. This can allow unauthenticated attackers to extract sensitive data including configuration settings. • https://wpscan.com/vulnerability/0ed5e1b3-f2a3-4eb1-b8ae-d3a62f600107 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •