CVE-2023-5003: Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure
First published: Mon Oct 16 2023(Updated: )
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MiniOrange Active Directory Integration / LDAP Integration | <4.1.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this plugin?
The vulnerability ID of this plugin is CVE-2023-5003.
What is the severity of CVE-2023-5003?
The severity of CVE-2023-5003 is high.
What software versions are affected by CVE-2023-5003?
Versions up to and excluding 4.1.10 of the Miniorange Active Directory Integration / LDAP Integration WordPress plugin are affected by CVE-2023-5003.
How does CVE-2023-5003 work?
CVE-2023-5003 allows any user who knows the URL to access sensitive LDAP logs stored in a buffer file by the plugin.
How can I fix CVE-2023-5003?
To fix CVE-2023-5003, update the Miniorange Active Directory Integration / LDAP Integration WordPress plugin to version 4.1.10 or later.
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/title
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/miniorange
- canonical/miniorange active directory integration / ldap integration