๐Ÿ” CVE Alert

CVE-2026-7526

MEDIUM 4.3

PDF Embedder <= 4.9.3 - Authenticated (Contributor+) Information Exposure via Block Editor Page

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue_block_assets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key exposure occurs when the premium add-on is also installed and has saved a key; on Lite-only installations, the exposed data is limited to non-sensitive viewer configuration values such as width, height, toolbar settings, usage tracking, and plan.

CWE CWE-200
Vendor smub
Product pdf embedder
Published May 28, 2026
Last Updated May 28, 2026
Stay Ahead of the Next One

Get instant alerts for smub pdf embedder

Be the first to know when new medium vulnerabilities affecting smub pdf embedder are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

smub / PDF Embedder
0 โ‰ค 4.9.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/0e0f2516-0fa7-415e-868e-6bd259bc6546?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/pdf-embedder/trunk/src/Plugin.php#L224 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/pdf-embedder/tags/4.9.3/src/Plugin.php#L224 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/pdf-embedder/trunk/src/Plugin.php#L204 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/pdf-embedder/tags/4.9.3/src/Plugin.php#L204 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3531901/pdf-embedder/trunk/src/Plugin.php?old=3429550&old_path=pdf-embedder%2Ftrunk%2Fsrc%2FPlugin.php

Credits

Dmitrii Ignatyev