cleantalk
Vulnerabilities and Security Researches

Staff / Employee Business Directory for Active Directory, CVE-2023-4757

CVE, Research URL

CVE-2023-4757

Home page URL

Security reports for Staff / Employee Business Directory for Active Directory

Application

Staff / Employee Business Directory for Active Directory

Published on
Jan 16, 2024
Research Description
The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could be used against high-privilege users such as a site admin.
Affected versions
Min -, max 1.2.3.
Status
vulnerable
Previous vulnerability researches
Staff / Employee Business Directory for Active Directory (CVE-2023-4757) , Jun 10, 2024
Staff / Employee Business Directory for Active Directory (CVE-2023-4505) , Jun 10, 2024
Staff Directory – Employee Directory for WordPress (CVE-2025-5531) , Jun 05, 2025
New vulnerability
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025
Royal Elementor Addons and Templates (CVE-2025-3813) , Jun 06, 2025