๐Ÿ” CVE Alert

CVE-2026-7544

MEDIUM 4.3

Mux Video Uploader <= 1.1.4 - Authenticated (Subscriber+) Information Exposure

CVSS Score
4.3
EPSS Score
0.2%
EPSS Percentile
15th

The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideo_enqueue_settings_script. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data including Mux API credentials.

CWE CWE-200
Vendor 2coders
Product mux video uploader
Published Jul 11, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for 2coders mux video uploader

Be the first to know when new medium vulnerabilities affecting 2coders mux video uploader are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

2coders / Mux Video Uploader
0 โ‰ค 1.1.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/e462a7ba-887c-408d-87a6-9260a33dcff5?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/2coders-integration-mux-video/trunk/includes/functions.php#L672 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/2coders-integration-mux-video/tags/1.1.4/includes/functions.php#L672 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/2coders-integration-mux-video/trunk/includes/functions.php#L668 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/2coders-integration-mux-video/tags/1.1.4/includes/functions.php#L668 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?reponame=&old=3543763%402coders-integration-mux-video&new=3543763%402coders-integration-mux-video

Credits

Ren Voza