Back to search
CVE-2022-2987
Published: Sep 26, 2022
Modified: May 22, 2025
PUBLISHED
Description
The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it's settings (which are hooked to the init action), allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticated users, therefore bypassing the current authentication
| Vendor | Product | Versions |
|---|---|---|
Unknown | Ldap WP Login / Active Directory Integration | affected 3.0.2 - < 3.0.2 |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now