CVE-2023-5003

Name of the Vulnerable Software and Affected Versions Active Directory Integration / LDAP Integration WordPress plugin versions prior to 4.1.10

Description The issue concerns the storage of sensitive LDAP logs in a buffer file when an administrator exports them. Unfortunately, this log file is never removed and remains accessible to any users who know the URL to access it.

Recommendations For versions prior to 4.1.10, update to version 4.1.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the buffer file or removing it manually until a patch is applied. Avoid sharing the URL of the log file to minimize the risk of exploitation.