CVE-2023-4505

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 27, 2023

Updated: Nov 7, 2023

CWE ID 80

Summary

CVE-2023-4505 is a vulnerability affecting the Staff / Employee Business Directory plugin for WordPress. This issue allows authenticated attackers with administrative access or higher to change the LDAP server with insufficient validation, leading to a LDAP Passback vulnerability. As a result, the attacker can retrieve the credentials for the original LDAP server, posing a significant security risk. Version 1.2.3 and below of the plugin are impacted by this issue. It is essential to apply the necessary patch or update to the plugin to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s4mZN9
https://www.cve.org/CVERecord?id=CVE-2023-4505
https://nvd.nist.gov/vuln/detail/CVE-2023-4505

Back to Vulnerability Database

CVE-2023-4505

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations