Lucene search
HistoryNov 21, 2022 - 11:15 a.m.
CVE-2022-3691
deepl pro api
translation plugin
wordpress
cve-2022-3691
security vulnerability
sensitive information disclosure
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
62.0%
The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor.
Affected configurations
Node
fluenxdeepl_api_translationRange<1.7.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fluenx | deepl_api_translation | * | cpe:2.3:a:fluenx:deepl_api_translation:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "DeepL Pro API translation plugin",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.7.5"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Social References
More
Related
prion
prion
Code injection
2022-11-21 11:15:00
patchstack
patchstack
cnvd
cnvd
WordPress DeepL Pro API translation information leakage vulnerability
2022-11-23 00:00:00
cvelist
cvelist
CVE-2022-3691 DeepL Pro API Translation < 1.7.5 - API Key Disclosure
2022-11-21 00:00:00
nvd
nvd
CVE-2022-3691
2022-11-21 11:15:20
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
62.0%
Related for CVE-2022-3691