The "immersive translation" plugin has a serious vulnerability that leaks user privacy and may expose private keys

ChainCatcher news, community user @Cryptohaifeng_ posted on the X platform stating that the "web snapshot" feature of the "immersive translation" plugin has a security vulnerability. When generating and sharing translation snapshots, data is stored on publicly accessible cloud sites, and there is no anti-scraping deployed, which may lead to the leakage of sensitive information such as wallet private keys and financing agreements. Some users have discovered that the leaked information involves documents related to Zhong An International's participation in the A2 round financing subscription agreement of Yuan Coin Technology.

Previously, the product sparked controversy due to restrictions on users using third-party cheap APIs, forcing subscription memberships, and the founder exposing the addresses of other competing authors in the group.