Low severity2.2NVD Advisory· Published Sep 27, 2023· Updated Apr 8, 2026
CVE-2023-4506
CVE-2023-4506
Description
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:miniorange:active_directory_integration_\/_ldap_integration:*:*:*:*:*:wordpress:*:*Range: <=4.1.10
- Range: <=4.1.10
Patches
Vulnerability mechanics
References
4- medium.com/%40cybertrinchera/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313nvdExploitThird Party Advisory
- www.wordfence.com/threat-intel/vulnerabilities/id/0585969d-dd08-4058-9d72-138a55a2cdf1nvdThird Party Advisory
- wordpress.org/plugins/ldap-login-for-intranet-sites/nvdProduct
- plugins.trac.wordpress.org/changeset/2973005/ldap-login-for-intranet-sitesnvd
News mentions
0No linked articles in our index yet.