
CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries to already existing queries that can be used to extract sensitive information from the database.
• https://plugins.trac.wordpress.org/browser/ldap-login-for-intranet-sites/trunk/class-mo-ldap-user-auth-reports.php?rev=2859403#L64 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2910898%40ldap-login-for-intranet-sites%2Ftrunk&old=2903294%40ldap-login-for-intranet-sites%2Ftrunk&sfp_email=&sfph_mail=#file5 https://www.wordfence.com/threat-intel/vulnerabilities/id/3eedc57b-79cc-4569-b6d6-676a22aa1e06?source=cve
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

The miniOrange Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings.
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2842228%40miniorange-2-factor-authentication%2Ftrunk&old=2815645%40miniorange-2-factor-authentication%2Ftrunk&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/7267ede1-7745-47cc-ac0d-4362140b4c23?source=cve
• CWE-862: Missing Authorization

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0 via the 'test_attribute_configuration' action. This can allow unauthenticated attackers to extract sensitive data, including configuration settings.
• https://wpscan.com/vulnerability/0ed5e1b3-f2a3-4eb1-b8ae-d3a62f600107
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 4

The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged-in admins delete arbitrary IdPs via a CSRF attack. The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.24.1. This is due to missing or incorrect nonce validation on the 'delete' case in the mooauth_client_applist_page function. This makes it possible for unauthenticated attackers to make changes to the configured apps via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
• https://wpscan.com/vulnerability/52e29f16-b6dd-4132-9bb8-ad10bd3c39d7 https://wpscan.com/vulnerability/5eb85df5-8aab-4f30-a401-f776a310b09c https://wpscan.com/vulnerability/8fbf7efe-0bf2-42c6-aef1-7fcf2708b31b https://wpscan.com/vulnerability/f6e165d9-2193-4c76-ae2d-618a739fe4fb
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identity Providers (IdP), which could allow attackers to make logged-in admins delete all IdPs via a CSRF attack. The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.24.1. This is due to missing or incorrect nonce validation on the 'discard' case in the mooauth_client_applist_page function. This makes it possible for unauthenticated attackers to make changes to the configured apps via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
• https://wpscan.com/vulnerability/1e13b9ea-a3ef-483b-b967-6ec14bd6d54d
• CWE-352: Cross-Site Request Forgery (CSRF)