CVE-2023-4757 in Staff Employee Business Directory for Active Directory Plugininfo

Summary

by MITRE • 01/16/2024

The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could be used against high-privilege users such as a site admin.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

09/04/2023

Disclosure

01/16/2024

Moderation

accepted

Entry

VDB-239272

CPE

ready

CWE

CWE-90 (confirmed)

CVSS

5.5 (VulDB)

EPSS

0.00240

KEV

Activities

very low

Sector

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-4757
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-4757
CVE Details	https://www.cvedetails.com/cve/CVE-2023-4757/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!