EUVD-2025-4241

Malicious code in bioql PyPI...

CVE-2025-26768

Cross-Site Request Forgery CSRF vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through = 4.0.15...

what3words Address Field < 4.0.16 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Description The what3words Address Field plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and...

CVE-2025-26768

Cross-Site Request Forgery CSRF vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through = 4.0.15...

CVE-2025-26768 WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through = 4.0.15...

CVE-2025-26768 WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through = 4.0.15...

CVE-2025-26768

CVE-2025-26768 is a CSRF-to-Stored XSS vulnerability in the WordPress plugin what3words Address Field (versions up to 4.0.15). The issue allows stored cross-site scripting via CSRF, affecting the plugin’s Address Field from “n/a through 4.0.15.” The associated CVSS 3.1 base score is 7.1 (HIGH): v...

PT-2025-7229 · What3Words · What3Words Address Field

Name of the Vulnerable Software and Affected Versions: what3words Address Field versions n/a through 4.0.15 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in the what3words Address Field. This means an attacker can perform unauthorized actions on ...

WordPress plugin what3words Address Field 跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerabilit...

WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin what3words Address Field versions = 4.0.15...

WordPress what3words Address Field Plugin <= 4.0.0 is vulnerable to Sensitive Data Exposure

Software what3words Address Field Type Plugin Vulnerable versions = 4.0.0 Fixed in 4.0.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2021-4428 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 74821fc68e46 Credits Unknown Required...

what3words Address Field < 4.0.0 - Admin+ Sensitive Information Disclosure

Description A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueuescripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. T...

CVE-2021-4428

A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueuescripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The...

CVE-2021-4428

A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueuescripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The...

Information disclosure

A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueuescripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The...

CVE-2021-4428 what3words Autosuggest Plugin Setting class-w3w-autosuggest-public.php enqueue_scripts information disclosure

A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueuescripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The...

CVE-2021-4428

CVE-2021-4428 affects the what3words Autosuggest Plugin for WordPress up to version 4.0.0. The vulnerability is in the enqueue_scripts function of w3w-autosuggest/public/class-w3w-autosuggest-public.php (Setting Handler component) and can lead to information disclosure via remote exploitation. Up...

WordPress Plugin What3words Autosuggest 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure vulnerabilit...

PT-2023-12541 · What3Words · What3Words Autosuggest Plugin

Name of the Vulnerable Software and Affected Versions: what3words Autosuggest Plugin versions up to 4.0.0 Description: A vulnerability has been found in the what3words Autosuggest Plugin, classified as problematic. The issue affects the enqueue scripts function of the file...