Lucene search
K

69 matches found

CVE
CVE
added 2023/09/26 1:51 a.m.71 views

CVE-2023-4506

CVE-2023-4506 affects the WordPress plugin Active Directory Integration / LDAP Integration (ldap-login-for-intranet-sites). The vulnerability arises from insufficient validation when changing the LDAP server, allowing authenticated users with administrative privileges to switch the LDAP server an...

6.5CVSS6.5AI score0.00721EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2023/09/26 1:51 a.m.59 views

CVE-2023-4506 Active Directory Integration / LDAP Integration <= 4.1.10 - LDAP Passback

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access an...

2.2CVSS6.5AI score0.00721EPSS
Exploits2References4
WPVulnDB
WPVulnDB
added 2023/09/26 12:0 a.m.14 views

Active Directory Integration / LDAP Integration < 4.2 - Admin LDAP Passback

Description The plugin does not properly validate input when changing the LDAP server. This can result in the ability for authenticated administrators to alter the LDAP server and access the credentials of the original LDAP server...

6.5CVSS6.3AI score0.00721EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2023/06/29 5:15 a.m.26 views

Directory traversal

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially...

5CVSS7.5AI score0.00532EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/06/29 4:28 a.m.37 views

CVE-2023-3447 Active Directory Integration / LDAP Integration <= 4.1.5 - Authenticated (Subscriber+) LDAP Injection

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for attackers, with an existing account on a vulnerable...

7.6CVSS8.7AI score0.00532EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/29 12:0 a.m.5 views

WordPress plugin Active Directory Integration/LDAP Integration 注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An injection vulnerability exists in...

8.6CVSS7.8AI score0.00532EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/06/28 12:0 a.m.13 views

WordPress Active Directory Integration / LDAP Integration Plugin <= 4.1.5 is vulnerable to Sensitive Data Exposure

Software Active Directory Integration / LDAP Integration Type Plugin Vulnerable versions = 4.1.5 Fixed in 4.1.6 OWASP Top 10 A1: Injection Classification Sensitive Data Exposure CVE CVE-2023-3447 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID f63ceb460cab Credits Luca...

8.6CVSS6.8AI score0.00532EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/05/15 1:15 p.m.4 views

CVE-2023-0812

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure...

7.5CVSS7.2AI score0.00819EPSS
Exploits2References1
Prion
Prion
added 2023/05/15 1:15 p.m.19 views

Authorization

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure...

5CVSS7.5AI score0.00819EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/15 12:15 p.m.8 views

CVE-2023-0812 Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure...

7.6AI score0.00819EPSS
Exploits2References1
CVE
CVE
added 2023/05/15 12:15 p.m.58 views

CVE-2023-0812

CVE-2023-0812 affects the WordPress plugin Active Directory Integration / LDAP Integration (pre-4.1.1). The issue is unauthenticated data disclosure due to improper authorization or nonce handling on certain POST requests. A fix exists in version 4.1.1; affected users should upgrade to 4.1.1 or l...

7.5CVSS7.6AI score0.00819EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/05/15 12:0 a.m.9 views

WordPress Active Directory Integration / LDAP Integration Plugin <= 4.1.4 is vulnerable to SQL Injection

Software Active Directory Integration / LDAP Integration Type Plugin Vulnerable versions = 4.1.4 Fixed in 4.1.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2599 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID adebea5f18df Credits Marco Wotschka...

6.5CVSS6.8AI score0.00424EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/05/15 12:0 a.m.5 views

WordPress plugin Active Directory Integration / LDAP Integration 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. An information disclosure vulnerability exists in the...

7.5CVSS7.8AI score0.00819EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/04/27 12:0 a.m.11 views

WordPress Active Directory Integration / LDAP Integration Plugin < 4.1.1 is vulnerable to Sensitive Data Exposure

Software Active Directory Integration / LDAP Integration Type Plugin Vulnerable versions 4.1.1 Fixed in 4.1.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0812 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 79df970a00a6...

7.5CVSS6.8AI score0.00819EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.138 views

Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure

The plugin does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. In version 4.1.0 a nonce check was added to the request, but it still lacked authorization. The admininit hook calls MoLdapLocalLogin class loginwidgetsaveoptions meth...

7.5CVSS8.5AI score0.00819EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/04/19 12:0 a.m.15 views

Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure

The plugin does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. In version 4.1.0 a nonce check was added to the request, but it still lacked authorization. PoC The admininit hook calls MoLdapLocalLogin class loginwidgetsaveoptions...

7.5CVSS8.3AI score0.00819EPSS
Exploits2Affected Software1
RedHat Linux
RedHat Linux
added 2023/02/06 3:50 p.m.8 views

Moderate: Red Hat Bug Fix Advisory: Red Hat Ansible Automation Platform 2.3 Product Release Update

An update is now available for Red Hat Ansible Automation Platform 2.3 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

7.5CVSS6.6AI score0.00535EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/01/17 7:38 p.m.5 views

CVE-2023-23749 Extension - miniorange - LDAP Integration - LDAP Injection (username)

The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database...

7.9AI score0.0056EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/01/17 12:0 a.m.4 views

OpenLDAP 注入漏洞

OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol LDAP from the OpenLDAP Foundation in the United States. A security vulnerability exists in the Joomla plugin LDAP Integration with Active Directory and OpenLDAP that stems from not properly cleaning the POST...

7.5CVSS7.3AI score0.0056EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/26 12:0 a.m.6 views

PT-2022-19890 · WordPress · Ldap Wp Login / Active Directory Integration

Name of the Vulnerable Software and Affected Versions: Ldap WP Login / Active Directory Integration WordPress plugin versions prior to 3.0.2 Description: The issue concerns a lack of authorization and CSRF checks when updating settings in the Ldap WP Login / Active Directory Integration WordPress...

7.5CVSS7.5AI score0.0039EPSS
Exploits2References5
Rows per page
Query Builder