CVE-2023-5003

HIGH NUCLEI

WordPress <4.1.10 - Info Disclosure

Title source: llm

Description

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.

Exploits (1)

github WORKING POC 4 stars

by halilkirazkaya · poc

https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2023/CVE-2023-5003.md

View Code ZIP pw:eip

Nuclei Templates (1)

Active Directory Integration WP Plugin < 4.1.10 - Log Disclosure

HIGHVERIFIEDby s4e-io

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/91f4e500-71f3-4ef6-9cc7-24a7c12a5748

Scores

CVSS v3 7.5

EPSS 0.7779

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (1)

miniorange/active_directory_integration_\/_ldap_integration < 4.1.10

Published Oct 16, 2023

Tracked Since Feb 18, 2026