PT-2026-5890 · WordPress · Magic Import Document Extractor
Teerachai Somprasong
·
Publicado
2026-02-04
·
Atualizado
2026-02-04
·
CVE-2025-15508
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Magic Import Document Extractor plugin for WordPress versions up to and including 1.0.4
Description
The software is susceptible to a sensitive information exposure issue. Unauthenticated attackers can extract the site's
magicimport.ai license key from the page source on any page containing the plugin's shortcode through the get frontend settings() function.Recommendations
Update the Magic Import Document Extractor plugin to a version later than 1.0.4.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Magic Import Document Extractor