PatchSiren cyber security CVE debrief
CVE-2026-7544 2coders CVE debrief
The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideo_enqueue_settings_script. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data including Mux API credentials. The vulnerability has a CVSS score of 4.3, indicating a Medium severity level. Administrators and users of the Mux Video Uploader plugin for WordPress should be aware of this vulnerability and take immediate action to protect their installations. The CVE record was published on 2026-07-11T04:17:23.993Z and has not been modified since then.
- Vendor
- 2coders
- Product
- Mux Video Uploader
- CVSS
- MEDIUM 4.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-11
- Original CVE updated
- 2026-07-11
- Advisory published
- 2026-07-11
- Advisory updated
- 2026-07-11
Who should care
Administrators and users of the Mux Video Uploader plugin for WordPress should be aware of this vulnerability and take immediate action to protect their installations. This includes updating the plugin to the latest version, verifying and securing Mux API credentials, monitoring for suspicious activity related to the Mux Video Uploader plugin, restricting access to sensitive data and functionality, and implementing additional security measures to protect against authenticated attacks. Operators of WordPress installations with the Mux Video Uploader plugin should prioritize this vulnerability due to its potential impact on sensitive data exposure.
Technical summary
The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure. An authenticated attacker with subscriber-level access and above can extract sensitive data, including Mux API credentials, via the muxvideo_enqueue_settings_script. The CVSS score for this vulnerability is 4.3, indicating a Medium severity level. The vulnerability affects all versions up to, and including, 1.1.4 of the Mux Video Uploader plugin. Defenders should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Defensive priority
Medium priority due to the potential for sensitive information exposure.
Recommended defensive actions
- Update the Mux Video Uploader plugin to the latest version.
- Verify and secure Mux API credentials.
- Monitor for suspicious activity related to the Mux Video Uploader plugin.
- Restrict access to sensitive data and functionality.
- Implement additional security measures to protect against authenticated attacks.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-07-11T04:17:23.993Z and has not been modified since then. The NVD entry is currently in the 'Received' status. The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideo_enqueue_settings_script. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data including Mux API credentials. The CVE record was initially published with limited information, and defenders should verify the affected scope and severity with the vendor. The NVD entry is currently in the 'Received' status, indicating that the CVE record has been received but not yet analyzed or scored.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-11T04:17:23.993Z and has not been modified since then. The NVD entry is currently in the 'Received' status.