CVE-2023-3447

Summary

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for attackers, with an existing account on a vulnerable WordPress instance, to extract potentially sensitive information from the LDAP directory.

Affected Software

VendorProductVersion RangeStatus
cyberlord92Active Directory Integration / LDAP Integration0 <= 4.1.5affected

Weaknesses

  • CWE-90: CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References