Vulnerability Details CVE-2023-3447
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for attackers, with an existing account on a vulnerable WordPress instance, to extract potentially sensitive information from the LDAP directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.4%
CVSS Severity
CVSS v3 Score 7.6
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2928150%40ldap-login-for-intranet-sites&new=2928150%40ldap-login-for-intranet-sites&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/cd7553e8-e43d-4740-b2ee-e3d8dc351e53?source=cve
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2928150%40ldap-login-for-intranet-sites&new=2928150%40ldap-login-for-intranet-sites&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/cd7553e8-e43d-4740-b2ee-e3d8dc351e53?source=cve
Products affected by CVE-2023-3447
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.0
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.8
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.0
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.8
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.6.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.6.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.6.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.6.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.6.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.42
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.43
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.8
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.8.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.9
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.91
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.92
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.10
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.11
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.12
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.13
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.8
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.9
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.8
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.85
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.9
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.91
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.92
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.93
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.8
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.9
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.91
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.92
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.93
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.94
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.95
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.96
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.97
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.98
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.99
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.8
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.1.0
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.1.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.1.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.1.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.1.5