CVE-2021-4428
Published: 2023-07-18
CVSS 3.1: 7.5 (high)
EPSS: 15.81% (96.5th percentile)
A vulnerability has been found in the what3words Autosuggest Plugin up to version 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueue_scripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 4.0.1 addresses this issue. The patch is named dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-234247.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| what3words | autosuggest | < 4.0.1 | 4.0.1 |
| what3words | autosuggest_plugin | — | — |
Detection & IOCs (extracted from sources)
- Monitor the enqueue_scripts function in the what3words Autosuggest Plugin's public class file for unexpected information disclosure via the Setting Handler component.
- The CVE-2021-4428 identifier is used inconsistently across sources: NVD tracks it as a what3words WordPress plugin information disclosure vulnerability (up to version 4.0.0), while multiple Trend Micro articles incorrectly label it as the Apache Log4Shell (Log4j RCE) vulnerability. The Log4Shell vulnerability is correctly CVE-2021-44228, not CVE-2021-4428.
CVSS provenance
- NVD, CVSS v3.1: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
- NVD, CVSS v2.0: 3.3 LOW (AV:N/AC:L/Au:M/C:P/I:N/A:N)
No detection rules found.
No public exploits indexed.
Source: Trend Micro blog (blogs_trendmicro), 2021-12-21, indexed CVSS 9.0
## How to detect Apache HTTP Server Exploitation
With recent news of the critical, zero-day vulnerability Apache Log4Shell, we explore how to detect and protect your Apache HTTP servers.
By: Nitesh Surana, Dec 21, 2021
On December 9, news broke that a vulnerability in Apache Log4j, a commonly used logging package for Java, had been found. If exploited, the vulnerability, officially identified as CVE-2021-4428 and dubbed Log4Shell, can result in remote code execution (RCE) by sending crafted log messages. If you're using any of the affected products (Apache Struts, Apache Solr, Apache Druid, Elasticsearch, Apache Dubbo, and VMware vCenter), you can use our Log4j vulnerability tester to identify any vulnerable server applications.
Similar sever, unauthentica
Source: Fortinet PSIRT blog (blogs_fortinet), 2021-12-12
Apache Log4j Vulnerability
By Carl Windsor | December 12, 2021
Apache Log4j Vulnerability Defined
Apache Log4j is a Java-based logging audit framework, and Apache Log4j2 1.14.1 and below are susceptible to a remote code execution vulnerability that an attacker can leverage to take full control of a machine.
This module is a prerequisite for other software which means it can be found in many products and is trivial to exploit. It is critical that organizations take immediate action to inventory their systems and prioritize remediation.
Impacted Versions: Apache Log4j 2.x <= 2.15.0-rc1
CVSS: 10 (CRITICAL)
Apache Log4j Vulnerability Overview
Until a few days ago, most people would not have had any knowledge of the Log4j2 software. However, this little-know
References
- https://github.com/what3words/wordpress-autosuggest-plugin/commit/dd59cbac5f86057d6a73b87007c08b8bfa0c32ac
- https://github.com/what3words/wordpress-autosuggest-plugin/pull/20
- https://github.com/what3words/wordpress-autosuggest-plugin/releases/tag/v4.0.1
- https://vuldb.com/?ctiid.234247
- https://vuldb.com/?id.234247