CVE-2025-14464

Name of the Vulnerable Software and Affected Versions PDF Resume Parser plugin for WordPress versions prior to 1.1

Description The PDF Resume Parser plugin for WordPress has a flaw that allows exposure of sensitive information. An AJAX action handler is accessible to users without authentication, revealing SMTP configuration data, including credentials. This allows unauthenticated attackers to extract SMTP credentials (username and password) from the WordPress configuration. Compromised email accounts and potential unauthorized access to other systems using the same credentials are possible consequences.

Recommendations Update the PDF Resume Parser plugin to version 1.1 or later.