CVE-2021-4428

EPSS 15.81%
Veröffentlicht 18.07.2023 17:15:11
Zuletzt bearbeitet 21.11.2024 06:37:42
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

what3words Autosuggest Plugin Setting class-w3w-autosuggest-public.php enqueue_scripts information disclosure

what3words Address Field <= 4.0.0 - Authenticated (Administrator+) Sensitive Information Exposure in class-w3w-autosuggest-public.php

A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueue_scripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 4.0.1 is able to address this issue. The patch is named dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-234247.

Mögliche Gegenmaßnahme

what3words Address Field: Update to version 4.0.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

What3words ≫ Autosuggest SwPlatformwordpress Version < 4.0.1

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt what3words Address Field

Version *-4.0.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	15.81%	0.965

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	3.3	6.4	2.9	AV:N/AC:L/Au:M/C:P/I:N/A:N