CVE-2023-3447

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (CWE-90)

Published: Jun 29, 2023 / Updated: 17mo ago

CVSS 8.6 / EPSS 0.09% / Severity: High

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.
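The advisory's root cause is a username value that reaches an LDAP search filter without escaping. As an added example (not code from the plugin, the advisory or the page), the following Python shows the RFC 4515 escaping that neutralizes filter metacharacters, beside the unescaped concatenation, plus a small structural check and a toy in-memory evaluator so the effect is visible without a directory server. The filter shape `(&(objectClass=user)(sAMAccountName=...))`, the attribute names and the sample entries are assumptions constructed for the example.

```python
import re

# RFC 4515 section 3: characters that must be escaped as \XX inside a filter value.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape user input so it can only ever be an assertion value, never filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username):
    """The vulnerable pattern: the username is concatenated straight into the filter."""
    return "(&(objectClass=user)(sAMAccountName=%s))" % username


def build_filter_safe(username):
    """The hardened pattern: the same filter, with the value escaped first."""
    return "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(username)


# One (attribute=value) equality assertion; enough for the AND-of-equalities shape built above.
_ASSERTION = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=([^()]*)\)")


def assertion_values(ldap_filter):
    """Return the (attribute, value) pairs the filter contains.

    A login filter built from one username must always yield exactly two;
    any other count means the input changed the filter's structure.
    """
    return _ASSERTION.findall(ldap_filter)


def _value_to_regex(value):
    """Translate an RFC 4515 assertion value into a regex: '\\XX' is a literal byte, '*' a wildcard."""
    pattern = []
    i = 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and re.fullmatch(r"[0-9a-fA-F]{2}", value[i + 1:i + 3]):
            pattern.append(re.escape(chr(int(value[i + 1:i + 3], 16))))
            i += 3
        elif ch == "*":
            pattern.append(".*")
            i += 1
        else:
            pattern.append(re.escape(ch))
            i += 1
    return "".join(pattern)


def count_matches(ldap_filter, entries):
    """Toy evaluator for a conjunction of equality assertions over in-memory entries."""
    assertions = [(attr, re.compile(_value_to_regex(val)))
                  for attr, val in assertion_values(ldap_filter)]
    return sum(1 for e in entries
               if all(rx.fullmatch(e.get(attr, "")) for attr, rx in assertions))


# Constructed sample directory for the demonstration (not real data).
DIRECTORY = [
    {"objectClass": "user", "sAMAccountName": "alice"},
    {"objectClass": "user", "sAMAccountName": "albert"},
    {"objectClass": "user", "sAMAccountName": "bob"},
    {"objectClass": "group", "sAMAccountName": "admins"},
]


if __name__ == "__main__":
    # A plain name, a name with a wildcard, and a name containing parentheses.
    for name in ("alice", "a*", "al)(cn=x"):
        unsafe, safe = build_filter_unsafe(name), build_filter_safe(name)
        print("%-10r unsafe: %s -> assertions %d, matches %d"
              % (name, unsafe, len(assertion_values(unsafe)), count_matches(unsafe, DIRECTORY)))
        print("%-10s safe:   %s -> assertions %d, matches %d"
              % ("", safe, len(assertion_values(safe)), count_matches(safe, DIRECTORY)))
```

With escaping, a username only ever matches the literal account of that name: `a*` becomes `a\2a` and matches nothing, and parentheses become `\29\28`, so the filter keeps exactly two assertions. The `assertion_values` check is the kind of invariant a unit test or code review can apply to any filter-building helper; in production code, prefer the escaping routine of the LDAP client library in use over a hand-rolled one.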

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Timeline

First Article

Feedly found the first article mentioning CVE-2023-3447.

Jun 29, 2023 at 6:15 AM / nitter.net
Threat Intelligence Report

The CVE-2023-3447 vulnerability in the Active Directory Integration / LDAP Integration plugin for WordPress allows unauthenticated attackers to perform LDAP Injection, potentially extracting sensitive information from the LDAP directory. With a CVSS score of 8.6, this high-severity vulnerability poses a significant risk if exploited in the wild. The mitigation is to update to version 4.1.6 or higher; organizations should also monitor for signs of exploitation or unauthorized access to LDAP directories.

Jul 3, 2023 at 9:25 PM
Static CVE Timeline Graph

Affected Systems

Miniorange/active_directory_integration_/_ldap_integration

Patches

plugins.trac.wordpress.org

Attack Patterns

CAPEC-136: LDAP Injection

News

CVE-2023-3447
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive
CVE-2023-3447 originally published on CyberSecurityBoard
Rewterz Threat Alert – Multiple WordPress Plugins Vulnerabilities
miniOrange Active Directory Integration / LDAP Integration plugin for WordPress could allow a remote attacker to obtain sensitive information, caused by an LDAP Injection flaw. Social Login and Register Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by an authentication bypass.
US-CERT Vulnerability Summary for the Week of June 26, 2023
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apple — mac_os_x | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution | 2023-06-23 | 9.8 | CVE-2022-22630 MISC MISC MISC
google — android | In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-250100597 References: N/A | 2023-06-28 | 9.8 | CVE-2023-21066 MISC
wordpress — wordpress | The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: Low
