Vulners
Lucene search
CVE-2022-2987
๐๏ธย 26 Sep 2022ย 12:35:36Reported byย WPScanTypeย 
ย cve๐ย web.nvd.nist.gov๐ฐ๏ธย 1ย Media mentions๐ย 53ย Views๐ WEB
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | CVE-2022-2987 | 26 Sep 202216:22 | โ | circl |
 | WordPress plugin Ldap WP Login / Active Directory Integration ๅฎๅ จๆผๆด | 26 Sep 202200:00 | โ | cnnvd |
 | WordPress Ldap WP Login / Active Directory Integration Cross-Site Request Forgery Vulnerability | 28 Sep 202200:00 | โ | cnvd |
 | CVE-2022-2987 Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass | 26 Sep 202212:35 | โ | cvelist |
 | EUVD-2022-35207 | 3 Oct 202520:07 | โ | euvd |
 | CVE-2022-2987 | 26 Sep 202213:15 | โ | nvd |
 | Cross site request forgery (csrf) | 26 Sep 202213:15 | โ | prion |
 | PT-2022-19890 ยท WordPress ยท Ldap Wp Login / Active Directory Integration | 26 Sep 202200:00 | โ | ptsecurity |
 | CVE-2022-2987 | 23 May 202500:44 | โ | redhatcve |
 | CVE-2022-2987 Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass | 26 Sep 202212:35 | โ | vulnrichment |
10
Node
[
{
"product": "Ldap WP Login / Active Directory Integration",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.2",
"status": "affected",
"version": "3.0.2",
"versionType": "custom"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| action | request body | / | Unauthenticated modification of plugin settings via init action exposed by example POC; allows attacker to configure LDAP server for authenticated users. | CWE-352,ย CWE-862 |
| ldapConfig_nonce | request body | / | Unauthenticated modification of plugin settings via init action exposed by example POC; allows attacker to configure LDAP server for authenticated users. | CWE-352,ย CWE-862 |
| ldapURI | request body | / | Unauthenticated modification of plugin settings via init action exposed by example POC; allows attacker to configure LDAP server for authenticated users. | CWE-352,ย CWE-862 |
| ldapEncrpytMethod | request body | / | Unauthenticated modification of plugin settings via init action exposed by example POC; allows attacker to configure LDAP server for authenticated users. | CWE-352,ย CWE-862 |
| ldapport | request body | / | Unauthenticated modification of plugin settings via init action exposed by example POC; allows attacker to configure LDAP server for authenticated users. | CWE-352,ย CWE-862 |
| ldapDN | request body | / | Unauthenticated modification of plugin settings via init action exposed by example POC; allows attacker to configure LDAP server for authenticated users. | CWE-352,ย CWE-862 |
| ldappassword | request body | / | Unauthenticated modification of plugin settings via init action exposed by example POC; allows attacker to configure LDAP server for authenticated users. | CWE-352,ย CWE-862 |
Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 May 2025 15:15Current
7.6High risk
Vulners AI Score7.6
CVSS 3.17.5
EPSS0.00099
SSVC