[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRXShZsxdu_6tQ_xIhEAZJe6vfwRNbw4rKZmK64aaiCE":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":9,"research_verified":22,"research_rounds_completed":23,"research_plan":9,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":9,"research_started_at":9,"research_completed_at":9,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":22,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":22,"source_links":24},"CVE-2023-4757","staff-employee-business-directory-for-active-directory-insufficient-escaping-of-stored-ldap-values","Staff \u002F Employee Business Directory for Active Directory \u003C= 1.2.1 - Insufficient Escaping of Stored LDAP Values","The Staff \u002F Employee Business Directory for Active Directory plugin for WordPress is vulnerable to improper LDAP value escaping in versions up to, and including, 1.2.1. This is due to insufficient escaping on the supplied $user_field_data value. This makes it possible for authenticated attackers with access to edit their LDAP entries to inject malicious JavaScript that will access when a user accesses a page containing the data.","ldap-ad-staff-employee-directory-search",null,"\u003C=1.2.2","1.2.3","medium",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Improper Encoding or Escaping of Output","2023-09-08 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb1355e9f-fa3a-439a-a13f-49b10dd4473a?source=api-prod",137,[],false,0,{"type":25,"vulnerable_version":9,"fixed_version":9,"vulnerable_browse":9,"vulnerable_zip":9,"fixed_browse":9,"fixed_zip":9,"all_tags":26},"plugin","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fldap-ad-staff-employee-directory-search\u002Ftags"]