Ldap WP Login / Active Directory Integration by robert05 <= 1.0.1 - Auth Bypass
LANACOMMONVDB ID: 8487b102-56cc-4a47-9689-bd75413a0cfb
The plugin does not have any authorisation and Cross-Site Request Forgery (CSRF) check when updating it's settings (which are hooked to the init action), allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticated users, therefore bypassing the current authentication.
Attributes
- Catgory
- WordPress Plugin
- Discovered
- 2022-08-24
- Published
- 2022-09-05
- Affected Version
- <= 3.0.1
Classification
- Type
- Authentication Bypass, Cross-Site Request Forgery (CSRF), Missing Authorization
Support Us?
We would truly appreciate it if you bought us a bunny (food for a snow leopard).
