CVE-2021-4428: 
WordPress vulnerability analysis and mitigation

A vulnerability was discovered in what3words Autosuggest Plugin versions up to 4.0.0 for WordPress. The vulnerability affects the enqueue_scripts function in the file w3w-autosuggest/public/class-w3w-autosuggest-public.php and could lead to information disclosure through improper handling of sensitive data (NVD). The issue was patched in version 4.0.1 with commit dd59cbac5f86057d6a73b87007c08b8bfa0c32ac (GitHub Patch).

The vulnerability is classified as an information disclosure issue (CWE-200) that allows remote attackers to access sensitive information. The CVSS v3.1 base score is 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) according to NVD's assessment, though VulDB rates it lower at 2.7 LOW (Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) (NVD).

The vulnerability could lead to unauthorized disclosure of sensitive information through the Setting Handler component. The attack can be launched remotely, potentially exposing configuration data and other sensitive settings to unauthorized users (NVD).

The vulnerability has been fixed in version 4.0.1 of the what3words Autosuggest Plugin. Users are recommended to upgrade to this version to address the security issue. The patch (dd59cbac5f86057d6a73b87007c08b8bfa0c32ac) specifically addresses the information disclosure vulnerability and includes improvements for script loading (GitHub Release).