CVE-2023-5003

Summary

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.

Affected Software

VendorProductVersion RangeStatus
UnknownActive Directory Integration / LDAP Integration0 < 4.1.10affected

Weaknesses

  • CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References