CVE-2025-15508

Description

The Magic Import Document Extractor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.4 via the get_frontend_settings() function. This makes it possible for unauthenticated attackers to extract the sites magicimport.ai license key from the page source on any page containing the plugins shortcode.