CVE-2022-3691: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2022-3691) affects the DeepL Pro API translation plugin for WordPress versions before 1.7.5. The issue was discovered by Raad Haddad of Cloudyrion GmbH and was publicly disclosed on October 31, 2022. This security flaw impacts the WordPress plugin 'wpdeepl' and was assigned a CVSS score of 5.3 (medium severity) (WPScan).

The vulnerability is classified as a Sensitive Data Disclosure issue (CWE-200) and falls under the OWASP Top 10 category A3: Sensitive Data Exposure. The technical issue involves the exposure of sensitive information, particularly the DeepL API key, through files that are publicly accessible to unauthenticated visitors. The vulnerability can be exploited through access to specific log files and request data stored in the wp-content/uploads/wpdeepl/ directory (WPScan).

The vulnerability exposes sensitive information, including the DeepL API key, which could potentially be accessed by unauthorized users. This exposure could lead to unauthorized use of the API key and potential abuse of the associated DeepL Pro services (NVD).

The vulnerability has been fixed in version 1.7.5 of the DeepL Pro API translation plugin. Users are advised to update to this version or later to protect their API keys and sensitive information (WPScan).