Vulnerability Details CVE-2023-4506
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.9%
CVSS Severity
CVSS v3 Score 2.2
References
- https://medium.com/%40cybertrinchera/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313
- https://wordpress.org/plugins/ldap-login-for-intranet-sites/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/0585969d-dd08-4058-9d72-138a55a2cdf1?source=cve
- https://medium.com/%40cybertrinchera/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313
- https://wordpress.org/plugins/ldap-login-for-intranet-sites/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/0585969d-dd08-4058-9d72-138a55a2cdf1?source=cve
Products affected by CVE-2023-4506
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.0
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:1.8
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.0
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.5.8
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.6.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.6.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.6.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.6.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.6.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.42
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.43
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.7.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.8
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.8.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.9
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.91
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:2.92
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.10
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.11
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.12
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.13
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.8
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.0.9
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.8
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.85
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.9
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.91
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.92
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.5.93
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.8
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.9
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.91
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.92
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.93
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.94
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.95
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.96
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.97
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.98
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.6.99
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:3.7.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.1
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.6
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.7
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.0.8
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.1.0
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.1.10
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.1.2
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.1.3
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.1.4
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.1.5
-
cpe:2.3:a:miniorange:active_directory_integration_/_ldap_integration:4.1.6