WordPress Plugin Vulnerabilities

Active Directory Integration / LDAP Integration < 4.1.6 - Sensitive Information Disclosure

Description

The plugin will expose Sensitive Information due to insufficient sanitization of the supplied username value.

Affects Plugins

Plugin icon
ldap-login-for-intranet-sites
Fixed in 4.1.6

References

CVE
CVE-2023-3447

Miscellaneous

Original Researcher
Luca Greeb, Andreas Krüger
Verified
No
WPVDB ID
1d7b475e-4c0d-4ac6-b09f-e5d51eaff8b2

Timeline

Publicly Published
2023-06-28 (about 2 years ago)
Added
2023-06-29 (about 2 years ago)
Last Updated
2023-06-29 (about 2 years ago)

Other

Published
Title
Published
2024-11-14
Title
External Database Based Actions <= 0.1 - Authenticated (Subscriber+) Authentication Bypass
Published
2014-08-01
Title
ShareYourCart 1.6.1 - SDK Multiple Unspecified Path Disclosure
Published
2014-08-01
Title
Wordpress 2.5 - Cookie Integrity Protection
Published
2023-05-11
Title
Announcement & Notification Banner – Bulletin < 3.7.0 - Subscriber+ Unauthorized Access and Modification
Published
2014-08-01
Title
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass