CVE-2021-4428 – what3words Autosuggest Plugin Setting class-w3w-autosuggest-public.php enqueue_scripts information disclosure

https://notcve.org/view.php?id=CVE-2021-4428

A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueue_scripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 4.0.1 is able to address this issue. • https://github.com/what3words/wordpress-autosuggest-plugin/commit/dd59cbac5f86057d6a73b87007c08b8bfa0c32ac https://github.com/what3words/wordpress-autosuggest-plugin/pull/20 https://github.com/what3words/wordpress-autosuggest-plugin/releases/tag/v4.0.1 https://vuldb.com/?ctiid.234247 https://vuldb.com/?id.234247 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •