Skip to main content

Mux Video Uploader

1 CVEs product

Monthly

CVE-2026-7544 MEDIUM This Month

Sensitive Information Exposure in the Mux Video Uploader WordPress plugin (all versions through 1.1.4) allows any authenticated WordPress user at subscriber level or higher to retrieve Mux API credentials via the `muxvideo_enqueue_settings_script` function. Mux API keys exposed this way could enable unauthorized access to the site's Mux account, including video management and potential billing abuse. Reported by Wordfence; no public exploit code or CISA KEV listing identified at time of analysis.

WordPress Information Disclosure Mux Video Uploader
NVD
CVSS 3.1
4.3
EPSS
0.2%
EPSS 0% CVSS 4.3
MEDIUM This Month

Sensitive Information Exposure in the Mux Video Uploader WordPress plugin (all versions through 1.1.4) allows any authenticated WordPress user at subscriber level or higher to retrieve Mux API credentials via the `muxvideo_enqueue_settings_script` function. Mux API keys exposed this way could enable unauthorized access to the site's Mux account, including video management and potential billing abuse. Reported by Wordfence; no public exploit code or CISA KEV listing identified at time of analysis.

WordPress Information Disclosure Mux Video Uploader
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy