PT-2026-5890 · WordPress · Magic Import Document Extractor
Teerachai Somprasong
·
Published
2026-02-04
·
Updated
2026-02-04
·
CVE-2025-15508
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Magic Import Document Extractor plugin for WordPress versions up to and including 1.0.4
Description
The software is susceptible to a sensitive information exposure issue. Unauthenticated attackers can extract the site's
magicimport.ai license key from the page source on any page containing the plugin's shortcode through the get frontend settings() function.Recommendations
Update the Magic Import Document Extractor plugin to a version later than 1.0.4.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Magic Import Document Extractor