Описание
The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.5 (исключая)
cpe:2.3:a:fluenx:deepl_pro_api_translation:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 66%
0.00523
Низкий
7.5 High
CVSS3
Дефекты
CWE-552
Связанные уязвимости
CVSS3: 7.5
github
больше 2 лет назад
The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information in its log files (which are publicly accessible), including DeepL API key.
EPSS
Процентиль: 66%
0.00523
Низкий
7.5 High
CVSS3
Дефекты
CWE-552