8.6
CVE-2023-3447
- EPSS 0.45%
- Published 29.06.2023 05:15:14
- Last modified 21.11.2024 08:17:17
- Source security@wordfence.com
Active Directory Integration / LDAP Integration <= 4.1.5 - Authenticated (Subscriber+) LDAP Injection
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.
Possible mitigation
Active Directory Integration / LDAP Integration: Update to version 4.1.6, or a newer patched version
Further vulnerability information
System: WordPress Plugin
Product: Active Directory Integration / LDAP Integration
Version: *-4.1.5
Data provided by the National Vulnerability Database (NVD)
Miniorange ≫ Active Directory Integration / Ldap Integration, SwPlatform: wordpress, Version < 4.1.6

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.627 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| security@wordfence.com | 8.6 | 3.9 | 4.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |