cleantalk
Vulnerabilities and Security Researches

PDF Embedder, CVE-2026-7526

CVE, Research URL

CVE-2026-7526

Home page URL

Security reports for PDF Embedder

Application

PDF Embedder

Published on
May 28, 2026
Research Description
The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue_block_assets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key exposure occurs when the premium add-on is also installed and has saved a key; on Lite-only installations, the exposed data is limited to non-sensitive viewer configuration values such as width, height, toolbar settings, usage tracking, and plan.
Affected versions
max 5.0.0.
Status
vulnerable
Previous vulnerability researches
Pdf Embedder Fay (CVE-2024-51795) , Nov 11, 2024
PDF Embedder (CVE-2026-7526) , May 28, 2026
PDF Embedder (CVE-2024-4367) , Jun 07, 2024
PDF Embedder (CVE-2019-19589) , Jun 07, 2024
PDF Embedder (CVE-2024-29141) , Jun 07, 2024
New vulnerability
Email Verification / SMS Verification / OTP Verification / OTP Authentication / WooCommerce Notification (CVE-2026-42731) , May 28, 2026
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2026-6287) , May 28, 2026
PowerPress Podcasting plugin by Blubrry (CVE-2026-24637) , May 28, 2026
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2026-7651) , May 28, 2026
CRM WordPress Plugin – RepairBuddy (CVE-2026-24638) , May 28, 2026