PT-2026-5889 · WordPress · Magic Import Document Extractor
Teerachai Somprasong
·
Published
2026-02-04
·
Updated
2026-02-04
·
CVE-2025-15507
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Magic Import Document Extractor plugin for WordPress versions up to and including 1.0.4
Description
The software is susceptible to unauthorized data modification because of a missing authorization check within the
ajax sync usage() function. This allows unauthenticated attackers to alter the plugin’s license status and credit balance.Recommendations
Update the Magic Import Document Extractor plugin to a version later than 1.0.4.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Magic Import Document Extractor