High severity7.6NVD Advisory· Published Jun 29, 2023· Updated Apr 8, 2026
CVE-2023-3447
CVE-2023-3447
Description
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for attackers, with an existing account on a vulnerable WordPress instance, to extract potentially sensitive information from the LDAP directory.
Affected products
1- cpe:2.3:a:miniorange:active_directory_integration_\/_ldap_integration:*:*:*:*:*:wordpress:*:*Range: <4.1.6
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changesetnvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/cd7553e8-e43d-4740-b2ee-e3d8dc351e53nvdThird Party Advisory
News mentions
0No linked articles in our index yet.