[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$foxgi8f_j0bBfIz0Sz480atxrSD8UQ-WyQEq3BBKwJtA":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-3447","active-directory-integration-ldap-integration-authenticated-subscriber-ldap-injection","Active Directory Integration \u002F LDAP Integration \u003C= 4.1.5 - Authenticated (Subscriber+) LDAP Injection","The Active Directory Integration \u002F LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for attackers, with an existing account on a vulnerable WordPress instance, to extract potentially sensitive information from the LDAP directory.","ldap-login-for-intranet-sites",null,"\u003C=4.1.5","4.1.6","high",7.6,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:L\u002FA:L","Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')","2023-06-28 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcd7553e8-e43d-4740-b2ee-e3d8dc351e53?source=api-prod",209]