VDB-234247 · CVE-2021-4428 · GCVE-100-234247

what3words Autosuggest Plugin जोपर्यंत 4.0.0 वर WordPress Setting class-w3w-autosuggest-public.php enqueue_scripts माहिती प्रकटीकरण

एक दुर्बलता जी समस्याग्रस्त म्हणून ओळखली गेली आहे, ती what3words Autosuggest Plugin जोपर्यंत 4.0.0 वर WordPress मध्ये सापडली आहे. संबंधित आहे फंक्शन enqueue_scripts फाइल w3w-autosuggest/public/class-w3w-autosuggest-public.php च्या घटक Setting Handler च्या. सॉफ्टवेअरमध्ये केलेली प्रक्रिया माहिती प्रकटीकरण ला कारणीभूत ठरते. CWE द्वारे समस्या जाहीर केल्यास CWE-200 येथे पोहोचता येते. ही दुर्बलता प्रकाशित झाली होती 17/11/2021 म्हणून dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. github.com या ठिकाणी सल्ला डाउनलोडसाठी उपलब्ध आहे. ही त्रुटी CVE-2021-4428 म्हणून वर्गीकृत केली आहे. हा हल्ला रिमोटली सुरू करता येऊ शकतो. तांत्रिक माहिती उपलब्ध आहे. यासाठी कोणताही एक्स्प्लॉइट उपलब्ध नाही. आत्ताच्या क्षणी सुमारे USD $0-$5k असण्याची शक्यता आहे. MITRE ATT&CK प्रकल्प T1592 या हल्ला तंत्रज्ञानाची घोषणा करतो. याला परिभाषित केलेले नाही असे घोषित करण्यात आले आहे. 0-डे म्हणून त्याची अंदाजित काळ्या बाजारातील किंमत $0-$5k एवढी होती. 4.0.1 या आवृत्तीवर अद्ययावत केल्यास ही समस्या सोडवता येईल. नवीन आवृत्ती डाउनलोडसाठी github.com येथे तयार आहे. dd59cbac5f86057d6a73b87007c08b8bfa0c32ac नावाचा पॅच आहे. आपण github.com वरून बगफिक्स डाउनलोड करू शकता. प्रभावित घटकाचा अपग्रेड करण्याची शिफारस केली जाते. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

3 बदल · 79 डेटा पॉइंट्स

शेत	तयार केली 16/07/2023 04:49 PM	अद्ययावत 1/2 06/08/2023 12:14 PM	अद्ययावत 2/2 06/08/2023 12:21 PM
software_vendor	what3words	what3words	what3words
software_name	Autosuggest Plugin	Autosuggest Plugin	Autosuggest Plugin
software_version	<=4.0.0	<=4.0.0	<=4.0.0
software_platform	WordPress	WordPress	WordPress
software_component	Setting Handler	Setting Handler	Setting Handler
software_file	w3w-autosuggest/public/class-w3w-autosuggest-public.php	w3w-autosuggest/public/class-w3w-autosuggest-public.php	w3w-autosuggest/public/class-w3w-autosuggest-public.php
software_function	enqueue_scripts	enqueue_scripts	enqueue_scripts
vulnerability_cwe	CWE-200 (माहिती प्रकटीकरण)	CWE-200 (माहिती प्रकटीकरण)	CWE-200 (माहिती प्रकटीकरण)
vulnerability_risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	H	H	H
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	N	N	N
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_date	1637103600 (17/11/2021)	1637103600 (17/11/2021)	1637103600 (17/11/2021)
advisory_url	https://github.com/what3words/wordpress-autosuggest-plugin/pull/20	https://github.com/what3words/wordpress-autosuggest-plugin/pull/20	https://github.com/what3words/wordpress-autosuggest-plugin/pull/20
countermeasure_name	अपग्रेड करा	अपग्रेड करा	अपग्रेड करा
countermeasure_date	1637103600 (17/11/2021)	1637103600 (17/11/2021)	1637103600 (17/11/2021)
upgrade_version	4.0.1	4.0.1	4.0.1
countermeasure_upgrade_url	https://github.com/what3words/wordpress-autosuggest-plugin/releases/tag/v4.0.1	https://github.com/what3words/wordpress-autosuggest-plugin/releases/tag/v4.0.1	https://github.com/what3words/wordpress-autosuggest-plugin/releases/tag/v4.0.1
patch_name	dd59cbac5f86057d6a73b87007c08b8bfa0c32ac	dd59cbac5f86057d6a73b87007c08b8bfa0c32ac	dd59cbac5f86057d6a73b87007c08b8bfa0c32ac
countermeasure_patch_url	https://github.com/what3words/wordpress-autosuggest-plugin/commit/dd59cbac5f86057d6a73b87007c08b8bfa0c32ac	https://github.com/what3words/wordpress-autosuggest-plugin/commit/dd59cbac5f86057d6a73b87007c08b8bfa0c32ac	https://github.com/what3words/wordpress-autosuggest-plugin/commit/dd59cbac5f86057d6a73b87007c08b8bfa0c32ac
countermeasure_advisoryquote	[TT-6952] Security Vulnerability Patch [TT-6889] Load Scripts Async (#20)	[TT-6952] Security Vulnerability Patch [TT-6889] Load Scripts Async (#20)	[TT-6952] Security Vulnerability Patch [TT-6889] Load Scripts Async (#20)
source_cve	CVE-2021-4428	CVE-2021-4428	CVE-2021-4428
cna_responsible	VulDB	VulDB	VulDB
software_type	WordPress Plugin	WordPress Plugin	WordPress Plugin
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	M	M	M
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	3.3	3.3	3.3
cvss2_vuldb_tempscore	2.9	2.9	2.9
cvss3_vuldb_basescore	2.7	2.7	2.7
cvss3_vuldb_tempscore	2.6	2.6	2.6
cvss3_meta_basescore	2.7	2.7	4.3
cvss3_meta_tempscore	2.6	2.6	4.3
price_0day	$0-$5k	$0-$5k	$0-$5k
advisory_identifier		dd59cbac5f86057d6a73b87007c08b8bfa0c32ac	dd59cbac5f86057d6a73b87007c08b8bfa0c32ac
cve_assigned		1689458400 (16/07/2023)	1689458400 (16/07/2023)
cve_nvd_summary		A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueue_scripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 4.0.1 is able to address this issue. The patch is named dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-234247.	A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueue_scripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 4.0.1 is able to address this issue. The patch is named dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-234247.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			N
cvss3_nvd_a			N
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			M
cvss2_nvd_ci			P
cvss2_nvd_ii			N
cvss2_nvd_ai			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			H
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			N
cvss3_cna_a			N
cve_cna			VulDB
cvss2_nvd_basescore			3.3
cvss3_nvd_basescore			7.5
cvss3_cna_basescore			2.7

◂ मागील बाजूस सिंहावलोकन पुढील ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!