The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideo_enqueue_settings_script. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data including Mux API credentials.
History

Mon, 13 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Jul 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared 2coders
2coders mux Video Uploader
Wordpress
Wordpress wordpress
Vendors & Products 2coders
2coders mux Video Uploader
Wordpress
Wordpress wordpress

Sat, 11 Jul 2026 03:30:00 +0000

Type Values Removed Values Added
Description The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideo_enqueue_settings_script. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data including Mux API credentials.
Title Mux Video Uploader <= 1.1.4 - Authenticated (Subscriber+) Information Exposure
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2026-07-11T02:31:19.224Z

Updated: 2026-07-13T17:42:04.674Z

Reserved: 2026-04-30T18:53:02.173Z

Link: CVE-2026-7544

cve-icon Vulnrichment

Updated: 2026-07-13T17:41:49.072Z

cve-icon NVD

No data.

cve-icon Redhat

No data.