Search criteria
6 vulnerabilities found for staff_\/_employee_business_directory_for_active_directory by miniorange
FKIE_CVE-2023-4757
Vulnerability from fkie_nvd - Published: 2024-01-16 16:15 - Updated: 2025-06-20 17:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could be used against high-privilege users such as a site admin.
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/0b953413-cf41-4de7-ac1f-c6cb995fb158/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/0b953413-cf41-4de7-ac1f-c6cb995fb158/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| miniorange | staff_\/_employee_business_directory_for_active_directory | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:miniorange:staff_\\/_employee_business_directory_for_active_directory:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "797ADB02-2434-4A34-B683-ABA9895B6C6D",
"versionEndExcluding": "1.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could be used against high-privilege users such as a site admin."
},
{
"lang": "es",
"value": "El complemento de WordPress Staff / Employee Business Directory para Active Directory anterior a 1.2.3 no sanitiza ni escapa los datos devueltos por el servidor LDAP antes de representarlos en la p\u00e1gina, lo que permite a los usuarios que pueden controlar sus entradas en el directorio LDAP inyectar javascript malicioso que podr\u00eda usarse contra usuarios con altos privilegios, como un administrador de sitio."
}
],
"id": "CVE-2023-4757",
"lastModified": "2025-06-20T17:15:34.383",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-01-16T16:15:13.350",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/0b953413-cf41-4de7-ac1f-c6cb995fb158/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/0b953413-cf41-4de7-ac1f-c6cb995fb158/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4505
Vulnerability from fkie_nvd - Published: 2023-09-27 15:19 - Updated: 2024-11-21 08:35
Severity ?
2.2 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| miniorange | staff_\/_employee_business_directory_for_active_directory | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:miniorange:staff_\\/_employee_business_directory_for_active_directory:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "D608A546-232D-4055-A2AE-2A85BA0A11A9",
"versionEndExcluding": "1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server."
},
{
"lang": "es",
"value": "El complemento Staff / Employee Business Directory para Active Directory para WordPress es vulnerable a LDAP Passback en versiones hasta la 1.2.3 inclusive. Esto se debe a una validaci\u00f3n insuficiente al cambiar el servidor LDAP. Esto hace posible que atacantes autenticados, con acceso administrativo y superior, cambien el servidor LDAP y recuperen las credenciales del servidor LDAP original."
}
],
"id": "CVE-2023-4505",
"lastModified": "2024-11-21T08:35:18.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-27T15:19:40.627",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://medium.com/%40cybertrinchera/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/ldap-ad-staff-employee-directory-search/"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ea40b96-4693-4f98-8e6e-2ed8186cedd8?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://medium.com/%40cybertrinchera/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/ldap-ad-staff-employee-directory-search/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ea40b96-4693-4f98-8e6e-2ed8186cedd8?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified"
}
CVE-2023-4757 (GCVE-0-2023-4757)
Vulnerability from cvelistv5 – Published: 2024-01-16 15:56 – Updated: 2025-06-20 17:06
VLAI?
Title
Staff / Employee Business Directory for Active Directory < 1.2.3 - Improper escaping of LDAP entries
Summary
The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could be used against high-privilege users such as a site admin.
Severity ?
5.4 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Staff / Employee Business Directory for Active Directory |
Affected:
0 , < 1.2.3
(semver)
|
Credits
Pedro José Navas Pérez from Hispasec
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:37:59.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/0b953413-cf41-4de7-ac1f-c6cb995fb158/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-4757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-16T16:48:14.110890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T17:06:07.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Staff / Employee Business Directory for Active Directory",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Jos\u00e9 Navas P\u00e9rez from Hispasec"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could be used against high-privilege users such as a site admin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T15:56:36.620Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/0b953413-cf41-4de7-ac1f-c6cb995fb158/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Staff / Employee Business Directory for Active Directory \u003c 1.2.3 - Improper escaping of LDAP entries",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-4757",
"datePublished": "2024-01-16T15:56:36.620Z",
"dateReserved": "2023-09-04T11:54:51.663Z",
"dateUpdated": "2025-06-20T17:06:07.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4505 (GCVE-0-2023-4505)
Vulnerability from cvelistv5 – Published: 2023-09-26 01:51 – Updated: 2025-02-05 19:19
VLAI?
Summary
The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cyberlord92 | Staff / Employee Business Directory for Active Directory |
Affected:
* , ≤ 1.2.3
(semver)
|
Credits
Pedro José Navas Pérez
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ea40b96-4693-4f98-8e6e-2ed8186cedd8?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/ldap-ad-staff-employee-directory-search/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40cybertrinchera/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:25:35.113466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T19:19:01.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Staff / Employee Business Directory for Active Directory",
"vendor": "cyberlord92",
"versions": [
{
"lessThanOrEqual": "1.2.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Jos\u00e9 Navas P\u00e9rez"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-26T01:51:13.836Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ea40b96-4693-4f98-8e6e-2ed8186cedd8?source=cve"
},
{
"url": "https://wordpress.org/plugins/ldap-ad-staff-employee-directory-search/"
},
{
"url": "https://medium.com/%40cybertrinchera/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-25T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-4505",
"datePublished": "2023-09-26T01:51:13.836Z",
"dateReserved": "2023-08-23T21:43:23.252Z",
"dateUpdated": "2025-02-05T19:19:01.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4757 (GCVE-0-2023-4757)
Vulnerability from nvd – Published: 2024-01-16 15:56 – Updated: 2025-06-20 17:06
VLAI?
Title
Staff / Employee Business Directory for Active Directory < 1.2.3 - Improper escaping of LDAP entries
Summary
The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could be used against high-privilege users such as a site admin.
Severity ?
5.4 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Staff / Employee Business Directory for Active Directory |
Affected:
0 , < 1.2.3
(semver)
|
Credits
Pedro José Navas Pérez from Hispasec
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:37:59.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/0b953413-cf41-4de7-ac1f-c6cb995fb158/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-4757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-16T16:48:14.110890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T17:06:07.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Staff / Employee Business Directory for Active Directory",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Jos\u00e9 Navas P\u00e9rez from Hispasec"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could be used against high-privilege users such as a site admin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T15:56:36.620Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/0b953413-cf41-4de7-ac1f-c6cb995fb158/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Staff / Employee Business Directory for Active Directory \u003c 1.2.3 - Improper escaping of LDAP entries",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-4757",
"datePublished": "2024-01-16T15:56:36.620Z",
"dateReserved": "2023-09-04T11:54:51.663Z",
"dateUpdated": "2025-06-20T17:06:07.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4505 (GCVE-0-2023-4505)
Vulnerability from nvd – Published: 2023-09-26 01:51 – Updated: 2025-02-05 19:19
VLAI?
Summary
The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cyberlord92 | Staff / Employee Business Directory for Active Directory |
Affected:
* , ≤ 1.2.3
(semver)
|
Credits
Pedro José Navas Pérez
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ea40b96-4693-4f98-8e6e-2ed8186cedd8?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/ldap-ad-staff-employee-directory-search/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40cybertrinchera/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:25:35.113466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T19:19:01.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Staff / Employee Business Directory for Active Directory",
"vendor": "cyberlord92",
"versions": [
{
"lessThanOrEqual": "1.2.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Jos\u00e9 Navas P\u00e9rez"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-26T01:51:13.836Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ea40b96-4693-4f98-8e6e-2ed8186cedd8?source=cve"
},
{
"url": "https://wordpress.org/plugins/ldap-ad-staff-employee-directory-search/"
},
{
"url": "https://medium.com/%40cybertrinchera/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-25T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-4505",
"datePublished": "2023-09-26T01:51:13.836Z",
"dateReserved": "2023-08-23T21:43:23.252Z",
"dateUpdated": "2025-02-05T19:19:01.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}