Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress Plugin Ldap WP Login/Active Directory Integration Multiple Vulnerabilities - CVE-2022-2987 - Vulnerability Database
WP Plugin Ldap Wp Login Integration With Active Directory

WordPress Plugin Ldap WP Login/Active Directory Integration Multiple Vulnerabilities - CVE-2022-2987

Critical
Reference: CVE-2022-2987
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-2987
Title: WordPress Plugin Ldap WP Login/Active Directory Integration Multiple Vulnerabilities
Overview:

WordPress Plugin Ldap WP Login/Active Directory Integration is prone to multiple vulnerabilities including cross-site scripting and security bypass vulnerabilities. Exploiting these issues may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site to steal cookie-based authentication credentials or to perform otherwise restricted actions and subsequently update plugins settings. WordPress Plugin Ldap WP Login/Active Directory Integration version 3.0.1 is vulnerable prior versions may also be affected.