CVE-2023-5003 – Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure
https://notcve.org/view.php?id=CVE-2023-5003
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed and remains accessible to any user who knows its URL. The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.1.9 via log files that are left over and not deleted.
• https://wpscan.com/vulnerability/91f4e500-71f3-4ef6-9cc7-24a7c12a5748
• CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2023-4506 – Active Directory Integration / LDAP Integration <= 4.1.9 - Sensitive Information Exposure
https://notcve.org/view.php?id=CVE-2023-4506
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.
• https://medium.com/%40cybertrinchera/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313
• https://wordpress.org/plugins/ldap-login-for-intranet-sites
• https://www.wordfence.com/threat-intel/vulnerabilities/id/0585969d-dd08-4058-9d72-138a55a2cdf1?source=cve
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-3447 – Active Directory Integration / LDAP Integration <= 4.1.5 - Authenticated (Subscriber+) LDAP Injection
https://notcve.org/view.php?id=CVE-2023-3447
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2928150%40ldap-login-for-intranet-sites&new=2928150%40ldap-login-for-intranet-sites&sfp_email=&sfph_mail=
• https://www.wordfence.com/threat-intel/vulnerabilities/id/cd7553e8-e43d-4740-b2ee-e3d8dc351e53?source=cve
• CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CVE-2023-2599 – Active Directory Integration / LDAP Integration <= 4.1.4 - Cross-Site Request Forgery to SQL Injection
https://notcve.org/view.php?id=CVE-2023-2599
The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4. This is due to missing nonce verification on the get_users function, insufficient escaping on the user-supplied parameter, and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to cause resource exhaustion via a forged request, granted they can trick an administrator into performing an action such as clicking on a link.
• https://plugins.trac.wordpress.org/browser/ldap-login-for-intranet-sites/trunk/class-mo-ldap-user-auth-reports.php?rev=2859403#L64
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2910898%40ldap-login-for-intranet-sites%2Ftrunk&old=2903294%40ldap-login-for-intranet-sites%2Ftrunk&sfp_email=&sfph_mail=#file5
• https://www.wordfence.com/threat-intel/vulnerabilities/id/74089b16-76fa-4654-9007-3f0c2e894894?source=cve
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-2484 – Active Directory Integration / LDAP Integration <= 4.1.4 - Authenticated (Administrator+) SQL Injection
https://notcve.org/view.php?id=CVE-2023-2484
The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4. This is due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
• https://plugins.trac.wordpress.org/browser/ldap-login-for-intranet-sites/trunk/class-mo-ldap-user-auth-reports.php?rev=2859403#L64
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2910898%40ldap-login-for-intranet-sites%2Ftrunk&old=2903294%40ldap-login-for-intranet-sites%2Ftrunk&sfp_email=&sfph_mail=#file5
• https://www.wordfence.com/threat-intel/vulnerabilities/id/3eedc57b-79cc-4569-b6d6-676a22aa1e06?source=cve
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')