WordPress Plugin Vulnerabilities
DeepL Pro API Translation < 1.7.5 - API Key Disclosure
Description
The plugin discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor.
Proof of Concept
https://example.com/wp-content/uploads/wpdeepl/2022-07-operation.log
https://example.com/wp-content/uploads/wpdeepl/2022-07-apiRequests.log
https://example.com/wp-content/uploads/wpdeepl/-request
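For site owners, a local audit of the directory named in the URLs above, as an added example that is not part of the original advisory or the plugin's code. It reports whether the installed version is below 1.7.5 and which files under uploads/wpdeepl contain a key-like string. The function names, the sample log lines and the key pattern (a UUID, optionally followed by ":fx") are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Directory taken from the advisory's proof-of-concept URLs.
WPDEEPL_UPLOADS = Path("wp-content/uploads/wpdeepl")
FIXED_VERSION = (1, 7, 5)  # from the advisory title: versions below this are affected
# Assumption: a DeepL key looks like a UUID, optionally followed by ":fx".
KEY_LIKE = re.compile(rb"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}(?::fx)?", re.I)


def is_affected(version):
    """True when a dotted plugin version string is below 1.7.5."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts + (0,) * (3 - len(parts)) < FIXED_VERSION


def audit(wp_root, plugin_version):
    """List files under uploads/wpdeepl and flag those holding a key-like string."""
    base = Path(wp_root) / WPDEEPL_UPLOADS
    files = []
    if base.is_dir():
        for path in sorted(p for p in base.rglob("*") if p.is_file()):
            files.append({
                "path": path.relative_to(wp_root).as_posix(),
                "key_like": bool(KEY_LIKE.search(path.read_bytes())),
            })
    return {"affected_version": is_affected(plugin_version), "files": files}


def build_sample_root(root):
    """Constructed sample tree; the log line format and the key are made up."""
    d = Path(root) / WPDEEPL_UPLOADS
    d.mkdir(parents=True)
    (d / "2022-07-operation.log").write_text("2022-07-01 cron run ok\n")
    (d / "2022-07-apiRequests.log").write_text(
        "POST /v2/translate auth_key=00000000-0000-0000-0000-000000000000:fx\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = audit(build_sample_root(tmp), "1.7.4")
        print("affected version:", report["affected_version"])
        for f in report["files"]:
            print(f["path"], "key-like string" if f["key_like"] else "no key-like string")
```

Point `audit` at the real WordPress root and pass the version shown on the Plugins screen. Any file flagged with a key-like string is a reason to rotate the DeepL key and remove or restrict the file.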
Affects Plugins
References
CVE
Classification
Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Raad Haddad of Cloudyrion GmbH
Submitter
Raad Haddad of Cloudyrion GmbH
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-10-31
Added
2022-10-31
Last Updated
2022-12-21