CVE-2022-2987 – The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not ha …

26 September 2022

Vuln ID: CVE-2022-2987

Published: 2022-09-26 13:15:10Z

Description: The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it’s settings (which are hooked to the init action), allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticated users, therefore bypassing the current authentication

Source: NVD.NIST.GOV

Date:

26 September 2022

Categorie(s):

NVD

Tag(s):

NVD

Phishing Scams in the Gaming Community20 April 2024
Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks20 April 2024
Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack20 April 2024
How APIs Help To Improve Your Customers’ Experience [5 Tips]20 April 2024
Essential Cyber Security Plan for Small Business20 April 2024