Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-04-23
CVE-2023-5003 - Ldap Integration Plugin
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.
PLUGIN
Ldap Integration
CVE-2023-5003
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4506 - Ldap Integration Plugin
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.
PLUGIN
Ldap Integration
CVE-2023-4506
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-3447 - Ldap Integration Plugin
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.
PLUGIN
Ldap Integration
CVE-2023-3447
Risk Score
Threat Entry
Updated 2025-01-24
CVE-2023-0812 - Ldap Integration Plugin
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure.
PLUGIN
Ldap Integration
CVE-2023-0812
Risk Score