CVE-2023-0812: Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure
First published: Mon May 15 2023(Updated: )
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure.
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MiniOrange Active Directory Integration / LDAP Integration | <4.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2023-0812.
What is the title of this vulnerability?
The title of this vulnerability is "The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure."
What is the severity of CVE-2023-0812?
The severity of CVE-2023-0812 is high.
What is the affected software for CVE-2023-0812?
The affected software for CVE-2023-0812 is the Miniorange Active Directory Integration / Ldap Integration WordPress plugin before version 4.1.1.
What is the CWE (Common Weakness Enumeration) for CVE-2023-0812?
The CWE for CVE-2023-0812 is CWE-200.
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/title
- agent/references
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/tags
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/miniorange
- canonical/miniorange active directory integration / ldap integration