CVE-2025-15508
📋 TL;DR
The Magic Import Document Extractor WordPress plugin exposes the site's magicimport.ai license key in the page source via the get_frontend_settings() function. Unauthenticated attackers can read it from any page that renders the plugin's shortcode. All WordPress sites running this plugin up to and including version 1.0.4 are affected.
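Added illustration, not the plugin's own code: a hypothetical get_frontend_settings() that pushes the license key into wp_localize_script() output (the exposure pattern described above) beside a hardened version that keeps the key server-side behind a nonce-checked AJAX proxy. The option name mi_license_key, the function names and the magicimport.ai endpoint URL are assumptions.

```php
<?php
// Added example (hypothetical; not the plugin's actual code).

// VULNERABLE PATTERN: a secret is placed in the frontend settings array.
function mi_get_frontend_settings_vulnerable() {
    return array(
        'api_url'     => 'https://magicimport.ai/api/',   // constructed endpoint
        'license_key' => get_option( 'mi_license_key' ),  // secret ends up in HTML
    );
}

function mi_enqueue_vulnerable() {
    wp_enqueue_script( 'mi-frontend', plugins_url( 'frontend.js', __FILE__ ), array(), '1.0.4', true );
    // wp_localize_script() prints the array as inline JS in the page source,
    // so anyone who views the page can read the license key.
    wp_localize_script( 'mi-frontend', 'miSettings', mi_get_frontend_settings_vulnerable() );
}

// HARDENED PATTERN: the browser only receives an AJAX URL and a nonce;
// the server adds the license key when it talks to the upstream API.
function mi_get_frontend_settings_fixed() {
    return array(
        'ajax_url' => admin_url( 'admin-ajax.php' ),
        'nonce'    => wp_create_nonce( 'mi_extract' ),
    );
}

function mi_enqueue_fixed() {
    wp_enqueue_script( 'mi-frontend', plugins_url( 'frontend.js', __FILE__ ), array(), '1.0.5', true );
    wp_localize_script( 'mi-frontend', 'miSettings', mi_get_frontend_settings_fixed() );
}

function mi_ajax_extract() {
    check_ajax_referer( 'mi_extract', 'nonce' );   // rejects requests without a valid nonce
    $license_key = get_option( 'mi_license_key' ); // read server-side only
    $response = wp_remote_post( 'https://magicimport.ai/api/extract', array( // constructed URL
        'headers' => array( 'Authorization' => 'Bearer ' . $license_key ),
        'body'    => array( 'document' => sanitize_text_field( wp_unslash( $_POST['document'] ?? '' ) ) ),
    ) );
    if ( is_wp_error( $response ) ) {
        wp_send_json_error( 'upstream request failed', 502 );
    }
    wp_send_json_success( json_decode( wp_remote_retrieve_body( $response ), true ) );
}
add_action( 'wp_ajax_mi_extract', 'mi_ajax_extract' );
add_action( 'wp_ajax_nopriv_mi_extract', 'mi_ajax_extract' );
add_action( 'wp_enqueue_scripts', 'mi_enqueue_fixed' );
```

The proxy still spends the site owner's API quota on behalf of visitors, so pair it with rate limiting or restrict the nopriv hook if the feature is not meant for anonymous users.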
💻 Affected Systems
- Magic Import Document Extractor WordPress Plugin
⚠️ Manual Verification Required
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
License key theft enables unauthorized access to magicimport.ai services, potential service abuse, and exposure of associated account information.
Likely Case
Attackers steal license keys to abuse paid API services, incurring financial costs or service disruption for the legitimate owner.
If Mitigated
Limited to license key exposure without direct system compromise, but still enables service abuse and potential credential harvesting.
🎯 Exploit Status
Exploitation requires viewing page source of pages with plugin shortcode; trivial for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.5 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/magic-import-document-extractor
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Magic Import Document Extractor'.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.0.5+ from the WordPress repository and replace the plugin files.
🔧 Temporary Workarounds
Remove Plugin Shortcodes
Temporarily remove or disable the plugin's shortcodes from all pages/posts to prevent exposure.
Deactivate Plugin
Deactivate the plugin until patched to completely prevent information exposure.
🧯 If You Can't Patch
- Rotate the magicimport.ai license key immediately, and again after patching, since any key already served in page source should be treated as exposed
- Monitor magicimport.ai API usage for unauthorized activity
🔍 How to Verify
Check if Vulnerable:
View page source of any page containing plugin shortcode and search for 'magicimport.ai' or license key patterns.
Check Version:
Check WordPress admin panel under Plugins > Installed Plugins for Magic Import Document Extractor version.
Verify Fix Applied:
After update, check page source again to confirm license key no longer appears in frontend code.
📡 Detection & Monitoring
Log Indicators:
- Unusual access to pages with plugin shortcodes
- Multiple requests to same pages from single IPs
Network Indicators:
- HTTP requests to pages with shortcodes followed by immediate disconnection
SIEM Query:
source="web_access_logs" | search "GET /page-with-shortcode" | stats count by src_ip | where count > threshold