CVE-2023-4505: 
WordPress vulnerability analysis and mitigation

The Staff / Employee Business Directory for Active Directory plugin for WordPress (versions up to 1.2.3) contains an LDAP Passback vulnerability (CVE-2023-4505). The vulnerability exists due to insufficient validation when changing the LDAP server, allowing authenticated attackers with administrative access to change the LDAP server and retrieve credentials for the original LDAP server (NVD).

The vulnerability is an LDAP Passback attack that exploits how systems authenticate users to directory services. When an attacker has administrative access, they can modify the LDAP server URL in the plugin's configuration panel to point to a rogue LDAP server under their control. When the application tests the connection to the new server, it sends the original LDAP credentials in plaintext, allowing the attacker to capture them (Cybertrinchera). The vulnerability has a CVSS v3.1 base score of 4.9 (MEDIUM) with vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N (NVD).

The successful exploitation of this vulnerability allows authenticated attackers with administrative access to retrieve the credentials used for LDAP authentication in plaintext. These credentials could potentially be used to access the organization's directory service directly (Cybertrinchera).

The vulnerability was addressed in version 1.3 of the plugin with enhanced security measures to prevent LDAP Passback Vulnerability (WordPress Plugin). Users should update to this version or later. The vendor also recommends using LDAPS instead of LDAP, though this does not fully mitigate the vulnerability.