cleantalk
Vulnerabilities and Security Researches

Staff / Employee Business Directory for Active Directory, CVE-2023-4505

CVE, Research URL

CVE-2023-4505

Home page URL

Security reports for Staff / Employee Business Directory for Active Directory

Application

Staff / Employee Business Directory for Active Directory

Published on
Sep 27, 2023
Research Description
The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.
Affected versions
Min -, max 1.3.
Status
vulnerable
Previous vulnerability researches
Staff / Employee Business Directory for Active Directory (CVE-2023-4757) , Jun 10, 2024
Staff / Employee Business Directory for Active Directory (CVE-2023-4505) , Jun 10, 2024
Staff Directory – Employee Directory for WordPress (CVE-2025-5531) , Jun 05, 2025
New vulnerability
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025
Royal Elementor Addons and Templates (CVE-2025-3813) , Jun 06, 2025