CVE-2025-15508

The Magic Import Document Extractor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.4 via the getfrontendsettings function. This makes it possible for unauthenticated attackers to extract the site's magicimport.ai license key from the...

CVE-2025-15508 Magic Import Document Extractor <= 1.0.6 - Unauthenticated Sensitive Information Exposure

The Magic Import Document Extractor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.4 via the getfrontendsettings function. This makes it possible for unauthenticated attackers to extract the site's magicimport.ai license key from the...

CVE-2025-15508

The CVE-2025-15508 entry affects WordPress plugin Magic Import Document Extractor (versions ≤ 1.0.4). The underlying issue is a Sensitive Information Exposure: get_frontend_settings() allows unauthenticated attackers to read the site’s magicimport.ai license key from the page source on pages cont...

CVE-2025-15508

The Magic Import Document Extractor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.4 via the getfrontendsettings function. This makes it possible for unauthenticated attackers to extract the site's magicimport.ai license key from the...

PT-2026-5889

Name of the Vulnerable Software and Affected Versions Magic Import Document Extractor plugin for WordPress versions up to and including 1.0.4 Description The software is susceptible to unauthorized data modification because of a missing authorization check within the ajax sync usage function. Thi...