cbcvebase.
CVE-2023-5003
published 2023-10-16

CVE-2023-5003: The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to…

PriorityP264high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
25.86%
97.7th percentile
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.

Affected

1 ranges
VendorProductVersion rangeFixed in
miniorangeactive_directory_integration_ldap_integration< 4.1.104.1.10

Detection & IOCsextracted from sources · hover to see the quote

path/wp-content/ldap-authentication-report.csv
  • HTTP GET request to the exposed log file path returns HTTP 200 with CSV headers indicating LDAP authentication log disclosure
  • Response body contains all four CSV column headers: ID, USERNAME, TIME, and LDAP STATUS — use as confirmation of successful log file access
  • Match HTTP status 200 combined with the CSV header words to confirm unauthenticated access to the LDAP log buffer file
  • ·The log file is only present if an administrator has previously triggered a log export; the file is never cleaned up, so it persists indefinitely once created
  • ·Vulnerability affects only Active Directory Integration / LDAP Integration WordPress plugin versions before 4.1.10; fixed in 4.1.10
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.