PT-2023-3437 · WordPress · Active Directory Integration / Ldap Integration

Andreas Krüger

Published: 2023-06-28 · Updated: 2023-07-07 · CVE-2023-3447

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Active Directory Integration / LDAP Integration plugin for WordPress, versions up to and including 4.1.5

Description
The issue stems from insufficient escaping of the supplied username value, which makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory. The plugin fails to properly neutralize special elements in the LDAP search filter when processing the username parameter (LDAP injection).

Recommendations
For versions up to and including 4.1.5, update to a version that properly escapes the username value before it is placed in the LDAP query. As a temporary workaround, consider restricting access to the LDAP directory or implementing additional security measures to minimize the risk of exploitation.
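The root cause described above is a username placed into an LDAP search filter without escaping. The following added example (not code from the plugin or from the advisory author) shows the weak string-interpolation pattern next to a hardened builder that applies RFC 4515 filter-value escaping; the filter shape `(&(objectClass=user)(sAMAccountName=...))` and the sample usernames are assumptions constructed for illustration.

```python
"""LDAP filter escaping per RFC 4515, shown against a plain-interpolation builder.

The filter layout and the sample usernames below are constructed for this example;
they are not taken from the affected plugin.
"""

# Characters with special meaning inside an LDAP filter assertion value
# (RFC 4515 section 3). Backslash is listed first so that the escape
# sequences produced here are not themselves re-escaped.
_FILTER_ESCAPES = [
    ("\\", r"\5c"),
    ("*", r"\2a"),
    ("(", r"\28"),
    (")", r"\29"),
    ("\x00", r"\00"),
]


def escape_filter_value(value: str) -> str:
    """Escape an untrusted string so it can only match as a literal value."""
    for raw, escaped in _FILTER_ESCAPES:
        value = value.replace(raw, escaped)
    return value


def build_user_filter_unsafe(username: str) -> str:
    """Weak pattern: the username is interpolated verbatim, so filter
    metacharacters in it change the meaning of the query."""
    return f"(&(objectClass=user)(sAMAccountName={username}))"


def build_user_filter(username: str) -> str:
    """Hardened pattern: the username is escaped before interpolation."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(username)}))"


def filter_matches_literal_only(ldap_filter: str, username: str) -> bool:
    """Check that the username assertion in a built filter is the escaped
    literal and nothing else (useful as a unit test in a login code path)."""
    return f"(sAMAccountName={escape_filter_value(username)})" in ldap_filter


if __name__ == "__main__":
    for name in ["j.doe", "*"]:  # constructed sample usernames
        print("unsafe  :", build_user_filter_unsafe(name))
        print("escaped :", build_user_filter(name))
```

In PHP, which the WordPress plugin is written in, the same escaping is available through the built-in `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` function.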

Fix

Weakness Enumeration

Related Identifiers

BDU:2023-03619
CVE-2023-3447

Affected Products

Active Directory Integration / Ldap Integration