CVE-2023-4757

Name of the Vulnerable Software and Affected Versions The Staff / Employee Business Directory for Active Directory WordPress plugin versions prior to 1.2.3

Description The issue arises from the plugin's failure to sanitize and escape data returned from the LDAP server before rendering it in the page. This allows users who can control their entries in the LDAP directory to inject malicious javascript, which could be used against high-privilege users such as a site admin.

Recommendations For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the LDAP directory to minimize the risk of exploitation.