Description
The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideo_enqueue_settings_script. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data including Mux API credentials.
Problem types
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Product status
Any version
Timeline
| 2026-07-10: | Disclosed |
Credits
Ren Voza
References
www.wordfence.com/...-887c-408d-87a6-9260a33dcff5?source=cve
plugins.trac.wordpress.org/...o/trunk/includes/functions.php
plugins.trac.wordpress.org/...s/1.1.4/includes/functions.php
plugins.trac.wordpress.org/...o/trunk/includes/functions.php
plugins.trac.wordpress.org/...s/1.1.4/includes/functions.php
plugins.trac.wordpress.org/...02coders-integration-mux-video