CVE-2026-7526
MEDIUM
4.3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Description
The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue_block_assets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key exposure occurs when the premium add-on is also installed and has saved a key; on Lite-only installations, the exposed data is limited to non-sensitive viewer configuration values such as width, height, toolbar settings, usage tracking, and plan.
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Draft
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies:
Not Technology-Specific, Web Based, Mobile
https://plugins.trac.wordpress.org/browser/pdf-embedder/tags/4.9.3/src/Plugin.p…
https://plugins.trac.wordpress.org/browser/pdf-embedder/tags/4.9.3/src/Plugin.p…
https://plugins.trac.wordpress.org/browser/pdf-embedder/trunk/src/Plugin.php#L2…
https://plugins.trac.wordpress.org/browser/pdf-embedder/trunk/src/Plugin.php#L2…
https://plugins.trac.wordpress.org/changeset/3531901/pdf-embedder/trunk/src/Plu…
https://www.wordfence.com/threat-intel/vulnerabilities/id/0e0f2516-0fa7-415e-86…