Vulnerability Details : CVE-2021-4428
A vulnerability classified as problematic has been found in the what3words Autosuggest Plugin for WordPress, up to version 4.0.0. It affects the function enqueue_scripts in the file w3w-autosuggest/public/class-w3w-autosuggest-public.php, part of the Setting Handler component. The manipulation leads to information disclosure, and the attack can be launched remotely. Upgrading to version 4.0.1 addresses this issue. The patch is named dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-234247.
Vulnerability category: Information leak
Products affected by CVE-2021-4428
- cpe:2.3:a:what3words:autosuggest:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-4428
- EPSS score: 0.14% (probability of exploitation activity in the next 30 days)
- Percentile: ~50% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-4428
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3 | LOW | AV:N/AC:L/Au:M/C:P/I:N/A:N | 6.4 | 2.9 | VulDB | |
2.7 | LOW | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 1.2 | 1.4 | VulDB | |
2.7 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 1.2 | 1.4 | VulDB | 2024-02-29 |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2021-4428
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: cna@vuldb.com (Primary)
References for CVE-2021-4428
- https://github.com/what3words/wordpress-autosuggest-plugin/pull/20
  [TT-6952] Security Vulnerability Patch [TT-6889] Load Scripts Async by c5haw · Pull Request #20 · what3words/wordpress-autosuggest-plugin · GitHub (Patch; Vendor Advisory)
- https://vuldb.com/?id.234247
  CVE-2021-4428: what3words Autosuggest Plugin Setting class-w3w-autosuggest-public.php enqueue_scripts information disclosure (Permissions Required)
- https://vuldb.com/?ctiid.234247
  (Permissions Required)
- https://github.com/what3words/wordpress-autosuggest-plugin/commit/dd59cbac5f86057d6a73b87007c08b8bfa0c32ac
  [TT-6952] Security Vulnerability Patch [TT-6889] Load Scripts Async (… · what3words/wordpress-autosuggest-plugin@dd59cba · GitHub (Patch)
- https://github.com/what3words/wordpress-autosuggest-plugin/releases/tag/v4.0.1
  Release v4.0.1 · what3words/wordpress-autosuggest-plugin · GitHub (Release Notes)