CVE-2022-3691

Published: Nov 21, 2022Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor.

Affected (1)

Products: Fluenx: Deepl Pro Api Translation

Fluenx

1 product

Deepl Pro Api Translation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fluenx Deepl Pro Api Translation	Before 1.7.5

Related CWEs

CWE-552

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (2)

https://wpscan.com/vulnerability/4248a0af-1b7e-4e29-8129-3f40c1d0c560

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/4248a0af-1b7e-4e29-8129-3f40c1d0c560

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.