Mux Video Uploader
Monthly
Sensitive Information Exposure in the Mux Video Uploader WordPress plugin (all versions through 1.1.4) allows any authenticated WordPress user at subscriber level or higher to retrieve Mux API credentials via the `muxvideo_enqueue_settings_script` function. Mux API keys exposed this way could enable unauthorized access to the site's Mux account, including video management and potential billing abuse. Reported by Wordfence; no public exploit code or CISA KEV listing identified at time of analysis.
Sensitive Information Exposure in the Mux Video Uploader WordPress plugin (all versions through 1.1.4) allows any authenticated WordPress user at subscriber level or higher to retrieve Mux API credentials via the `muxvideo_enqueue_settings_script` function. Mux API keys exposed this way could enable unauthorized access to the site's Mux account, including video management and potential billing abuse. Reported by Wordfence; no public exploit code or CISA KEV listing identified at time of analysis.