4 matches found
EUVD-2022-35207
Malicious code in bioql PyPI...
CVE-2022-2987 Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass
The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it's settings which are hooked to the init action, allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used t...
CVE-2022-2987 Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass
The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it's settings which are hooked to the init action, allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used t...
CVE-2022-2987
CVE-2022-2987 affects the Ldap WP Login / Active Directory Integration WordPress plugin prior to 3.0.2. The issue is lack of authorization and CSRF protections when updating settings (tied to the init action), allowing unauthenticated attackers to modify settings and potentially configure a malic...