CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46620 – WordPress DeepL Pro API translation Plugin <= 2.3.9.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46620
25 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.3.9.1 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento de traducción API Fluenx DeepL en versiones <= 2.3.9.1. The DeepL Pro API translation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.1.1. This is due to missing or incorrect nonce validation on the wpdeepl_prune_logs function. This makes it possible for unauthenticated attac... • https://patchstack.com/database/vulnerability/wpdeepl/wordpress-deepl-api-translation-plugin-2-3-6-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27446 – WordPress DeepL Pro API translation Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27446
02 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.1.4 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Fluenx DeepL API translation en versiones <=2.1.4. The DeepL Pro API translation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.4. This is due to missing or incorrect nonce validation on the 'saveSettings' function. This makes it possible for unauthenticated attackers to chang... • https://patchstack.com/database/vulnerability/wpdeepl/wordpress-deepl-api-translation-plugin-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3691 – DeepL Pro API Translation < 1.7.5 - API Key Disclosure
https://notcve.org/view.php?id=CVE-2022-3691
31 Oct 2022 — The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor. El complemento de traducción de API de DeepL Pro, el complemento de WordPress anterior a 1.7.5, revela información sensible (incluida la clave de API de DeepL) en archivos a los que puede acceder públicamente un visitante externo no autenticado. The DeepL Pro API Translation plugin for WordPress is vuln... • https://wpscan.com/vulnerability/4248a0af-1b7e-4e29-8129-3f40c1d0c560 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •