PT-2022-23687 · WordPress · Deepl Pro Api Translation Plugin
Raad Haddad · Published 2022-11-21 · Updated 2023-01-12 · CVE-2022-3691
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
DeepL Pro API translation plugin for WordPress, versions prior to 1.7.5
Description
The plugin discloses sensitive information, including the DeepL API key, in publicly accessible log files. An external, unauthenticated visitor can read these details.
Recommendations
For versions prior to 1.7.5, update to version 1.7.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files to prevent unauthorized disclosure of sensitive information.
Exploit
Fix
Files Accessible to External Parties
Weakness Enumeration
Related Identifiers
Affected Products
Deepl Pro Api Translation Plugin