Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2021-4428
HistoryJul 18, 2023 - 5:15 p.m.

CVE-2021-4428

2023-07-1817:15:11
Google
osv.dev
10
wordpress
what3words
autosuggest plugin
vulnerability
information disclosure
remote attack
upgrading
patch
vdb-234247

CVSS2

3.3

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:M/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

47.2%

JSON

A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueue_scripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 4.0.1 is able to address this issue. The patch is named dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-234247.

Related

cve 1
nvd 1
prion 1
cvelist 1
wpvulndb 1
githubexploit 3
ibm 1
rapid7blog 1
mssecure 1
mmpc 1
wordfence 1
cve
cve
CVE-2021-4428
2023-07-18 17:15:11
nvd
nvd
CVE-2021-4428
2023-07-18 17:15:11
prion
prion
Information disclosure
2023-07-18 17:15:00
cvelist
cvelist
CVE-2021-4428 what3words Autosuggest Plugin Setting class-w3w-autosuggest-public.php enqueue_scripts information disclosure
2023-07-18 17:00:04
wpvulndb
wpvulndb
what3words Address Field < 4.0.0 - Admin+ Sensitive Information Disclosure
2023-07-20 00:00:00
githubexploit
githubexploit
Exploit for Expression Language Injection in Apache Log4J
2021-12-13 09:58:11
Exploit for Expression Language Injection in Apache Log4J
2021-12-13 13:41:39
Exploit for Expression Language Injection in Apache Log4J
2021-12-17 06:34:51
ibm
ibm
Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects IBM Spectrum Fusion HCI which includes IBM Spectrum Scale Container Native Storage Access and IBM Spectrum Protect Plus
2022-01-17 16:44:11
rapid7blog
rapid7blog
The Everyperson’s Guide to Log4Shell (CVE-2021-44228)
2021-12-15 19:44:42
mssecure
mssecure
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
2021-12-12 05:29:03
mmpc
mmpc
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
2021-12-12 05:29:03
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)
2023-07-27 15:52:29

CVSS2

3.3

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:M/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

47.2%

JSON
Related for OSV:CVE-2021-4428
cve1nvd1prion1cvelist1wpvulndb1githubexploit3ibm1rapid7blog1mssecure1mmpc1wordfence1