what3words Autosuggest Plugin up to 4.0.0 on WordPress Setting class-w3w-autosuggest-public.php enqueue_scripts information disclosure

A vulnerability classified as problematic has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress. Affected is the function enqueue_scripts in the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The manipulation leads to information disclosure. Using CWE to declare the problem leads to CWE-200. The weakness was disclosed on 11/17/2021 as dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. The advisory is available for download at github.com. This vulnerability is known as CVE-2021-4428. The attack can be launched remotely. Technical details are available. There is no exploit available. The price for an exploit might currently be approx. USD $0-$5k. The exploitability is declared as not defined. As a 0-day, the estimated price was around $0-$5k. The patch is named dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. The bugfix is available for download at github.com. It is recommended to upgrade the affected component.

3 Changes · 79 Data points

| Field | Created 07/16/2023 16:49 | Update 1/2 08/06/2023 12:14 | Update 2/2 08/06/2023 12:21 |
|---|---|---|---|
| software_vendor | what3words | what3words | what3words |
| software_name | Autosuggest Plugin | Autosuggest Plugin | Autosuggest Plugin |
| software_version | <=4.0.0 | <=4.0.0 | <=4.0.0 |
| software_platform | WordPress | WordPress | WordPress |
| software_component | Setting Handler | Setting Handler | Setting Handler |
| software_file | w3w-autosuggest/public/class-w3w-autosuggest-public.php | w3w-autosuggest/public/class-w3w-autosuggest-public.php | w3w-autosuggest/public/class-w3w-autosuggest-public.php |
| software_function | enqueue_scripts | enqueue_scripts | enqueue_scripts |
| vulnerability_cwe | CWE-200 (information disclosure) | CWE-200 (information disclosure) | CWE-200 (information disclosure) |
| vulnerability_risk | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | H | H | H |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| advisory_date | 1637103600 (11/17/2021) | 1637103600 (11/17/2021) | 1637103600 (11/17/2021) |
| advisory_url | https://github.com/what3words/wordpress-autosuggest-plugin/pull/20 | https://github.com/what3words/wordpress-autosuggest-plugin/pull/20 | https://github.com/what3words/wordpress-autosuggest-plugin/pull/20 |
| countermeasure_name | Upgrade | Upgrade | Upgrade |
| countermeasure_date | 1637103600 (11/17/2021) | 1637103600 (11/17/2021) | 1637103600 (11/17/2021) |
| upgrade_version | 4.0.1 | 4.0.1 | 4.0.1 |
| countermeasure_upgrade_url | https://github.com/what3words/wordpress-autosuggest-plugin/releases/tag/v4.0.1 | https://github.com/what3words/wordpress-autosuggest-plugin/releases/tag/v4.0.1 | https://github.com/what3words/wordpress-autosuggest-plugin/releases/tag/v4.0.1 |
| patch_name | dd59cbac5f86057d6a73b87007c08b8bfa0c32ac | dd59cbac5f86057d6a73b87007c08b8bfa0c32ac | dd59cbac5f86057d6a73b87007c08b8bfa0c32ac |
| countermeasure_patch_url | https://github.com/what3words/wordpress-autosuggest-plugin/commit/dd59cbac5f86057d6a73b87007c08b8bfa0c32ac | https://github.com/what3words/wordpress-autosuggest-plugin/commit/dd59cbac5f86057d6a73b87007c08b8bfa0c32ac | https://github.com/what3words/wordpress-autosuggest-plugin/commit/dd59cbac5f86057d6a73b87007c08b8bfa0c32ac |
| countermeasure_advisoryquote | [TT-6952] Security Vulnerability Patch [TT-6889] Load Scripts Async (#20) | [TT-6952] Security Vulnerability Patch [TT-6889] Load Scripts Async (#20) | [TT-6952] Security Vulnerability Patch [TT-6889] Load Scripts Async (#20) |
| source_cve | CVE-2021-4428 | CVE-2021-4428 | CVE-2021-4428 |
| cna_responsible | VulDB | VulDB | VulDB |
| software_type | WordPress Plugin | WordPress Plugin | WordPress Plugin |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | M | M | M |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 3.3 | 3.3 | 3.3 |
| cvss2_vuldb_tempscore | 2.9 | 2.9 | 2.9 |
| cvss3_vuldb_basescore | 2.7 | 2.7 | 2.7 |
| cvss3_vuldb_tempscore | 2.6 | 2.6 | 2.6 |
| cvss3_meta_basescore | 2.7 | 2.7 | 4.3 |
| cvss3_meta_tempscore | 2.6 | 2.6 | 4.3 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| advisory_identifier | | dd59cbac5f86057d6a73b87007c08b8bfa0c32ac | dd59cbac5f86057d6a73b87007c08b8bfa0c32ac |
| cve_assigned | | 1689458400 (07/16/2023) | 1689458400 (07/16/2023) |
| cve_nvd_summary | | A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueue_scripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 4.0.1 is able to address this issue. The patch is named dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-234247. | A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueue_scripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 4.0.1 is able to address this issue. The patch is named dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-234247. |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | N |
| cvss3_nvd_a | | | N |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | M |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | N |
| cvss2_nvd_ai | | | N |
| cvss3_cna_av | | | N |
| cvss3_cna_ac | | | L |
| cvss3_cna_pr | | | H |
| cvss3_cna_ui | | | N |
| cvss3_cna_s | | | U |
| cvss3_cna_c | | | L |
| cvss3_cna_i | | | N |
| cvss3_cna_a | | | N |
| cve_cna | | | VulDB |
| cvss2_nvd_basescore | | | 3.3 |
| cvss3_nvd_basescore | | | 7.5 |
| cvss3_cna_basescore | | | 2.7 |
