cvedb.io
CVE-2023-3447
HIGH · CVSS 7.6
EPSS exploitation probability: 0%
Published 2023-06-29T05:15:14.177 · Last modified 2026-06-17T06:14:05.737

Summary

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for attackers, with an existing account on a vulnerable WordPress instance, to extract potentially sensitive information from the LDAP directory.

Affected products

miniorange — active_directory_integration_\/_ldap_integration

Does this affect you?

Add your gear to cvedb and we'll alert you only when miniorange ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.