The plugin does not properly verify nonces or sufficiently escape user-supplied parameters, leading to Cross-Site Request Forgery and time-based SQL Injection vulnerabilities via the orderby and order parameters.

CPE Name | Operator | Version |
---|---|---|
ldap-login-for-intranet-sites | lt | 4.1.5 |
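
A hardened handling of the two weaknesses described above, as an added example that is not the plugin's own code or its actual fix. The table name, column names, nonce action and capability are hypothetical. Because `ORDER BY` takes identifiers and keywords rather than values, the example maps the request parameters onto an allow-list instead of escaping them.

```php
<?php
// Added example: hypothetical admin list handler, not code from the plugin.
// Column names, table name, nonce action and capability are assumptions.
const EXAMPLE_SORTABLE = ['id' => 'id', 'username' => 'user_name', 'time' => 'created_at'];

// Map untrusted orderby/order values onto fixed, known-good SQL fragments.
function example_order_clause(?string $orderby, ?string $order): string
{
    // Identifiers and ASC/DESC cannot be bound as placeholders, so the
    // request value is only used as a lookup key and never reaches the SQL.
    $column    = EXAMPLE_SORTABLE[strtolower((string) $orderby)] ?? 'id';
    $direction = strtoupper((string) $order) === 'DESC' ? 'DESC' : 'ASC';
    return "ORDER BY `{$column}` {$direction}";
}

// WordPress-side handler: capability and nonce checks run before any query.
function example_list_rows(): array
{
    global $wpdb;
    if (!current_user_can('manage_options')) {
        wp_die('Forbidden', '', ['response' => 403]);
    }
    $nonce = is_string($_GET['_wpnonce'] ?? null) ? sanitize_text_field(wp_unslash($_GET['_wpnonce'])) : '';
    if (!wp_verify_nonce($nonce, 'example_list_rows')) {
        wp_die('Invalid request', '', ['response' => 403]);
    }
    $orderby = is_string($_GET['orderby'] ?? null) ? wp_unslash($_GET['orderby']) : null;
    $order   = is_string($_GET['order'] ?? null) ? wp_unslash($_GET['order']) : null;
    $table   = $wpdb->prefix . 'example_log'; // hypothetical table
    $sql     = "SELECT * FROM {$table} " . example_order_clause($orderby, $order) . ' LIMIT %d';
    return $wpdb->get_results($wpdb->prepare($sql, 50), ARRAY_A);
}

// Constructed inputs, run from the CLI outside WordPress to show the mapping.
if (PHP_SAPI === 'cli' && !defined('ABSPATH')) {
    foreach ([['username', 'desc'], ['id, 1', 'asc'], [null, 'sideways']] as [$ob, $o]) {
        echo example_order_clause($ob, $o), PHP_EOL;
    }
}
```

The link that triggers the listing has to carry a matching nonce, for example one generated with `wp_nonce_url()` for the same action string.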