CVE-2023-4506
- EPSS 0.38%
- Veröffentlicht 27.09.2023 15:19:40
- Zuletzt bearbeitet 21.11.2024 08:35:18
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authent...
CVE-2023-3447
- EPSS 0.45%
- Veröffentlicht 29.06.2023 05:15:14
- Zuletzt bearbeitet 21.11.2024 08:17:17
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthen...
CVE-2023-2599
- EPSS 0.13%
- Veröffentlicht 09.06.2023 06:16:10
- Zuletzt bearbeitet 21.11.2024 07:58:54
The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on th...
CVE-2023-2484
- EPSS 0.38%
- Veröffentlicht 09.06.2023 06:16:08
- Zuletzt bearbeitet 21.11.2024 07:58:42
The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of suffi...
CVE-2023-0812
- EPSS 0.4%
- Veröffentlicht 15.05.2023 13:15:10
- Zuletzt bearbeitet 24.01.2025 21:15:09
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure.