PT-2023-12541 · What3Words · What3Words Autosuggest Plugin

Published: 2023-07-18 · Updated: 2024-05-17 · CVE-2021-4428

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: what3words Autosuggest Plugin versions up to 4.0.0

Description: A vulnerability has been found in the what3words Autosuggest Plugin, classified as problematic. The issue affects the enqueue scripts function of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler, leading to information disclosure. The attack can be launched remotely.

Recommendations: For what3words Autosuggest Plugin versions up to 4.0.0, upgrade to version 4.0.1 to address this issue. As a temporary workaround, consider disabling the enqueue scripts function until the patch is applied. Restrict access to the vulnerable component Setting Handler to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2021-4428

Affected Products

What3Words Autosuggest Plugin