Overview
- Description
- The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.
- Source
- security@wordfence.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:miniorange:active_directory_integration_\\/_ldap_integration:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "8CE6AEB1-7872-44F9-889E-ECE07E4D3E93",
"versionEndExcluding": "4.1.6"
}
],
"operator": "OR"
}
]
}
]