CVE Vulnerability

CVE-2022-2987

The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it's settings (which are hooked to the init action), allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticated users, therefore bypassing the current authentication

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://wpscan.com/vulnerability/0d9638b9-bf8a-474f-992d-2618884d3f67 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:ldap_wp_login_/_active_directory_integration_project:ldap_wp_login_/_active_directory_integration:*:*:*:*:*:wordpress:*:*
Information

Published : 2022-09-26 01:15

Updated : 2022-09-28 04:17

NVD link : CVE-2022-2987

Mitre link : CVE-2022-2987

Products Affected
No products.
CWE
CWE-352

CWE-862