LDAP Injection Vulnerability in WordPress Active Directory Integration Plugin

LDAP Injection Vulnerability in WordPress Active Directory Integration Plugin

CVE-2023-3447 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.

Learn more about our Wordpress Pen Testing.