Magic Import Document Extractor Security & Risk Analysis
wordpress.org/plugins/magic-import-document-extractorAI-powered document extraction for WordPress forms. Supports PDF, Word, images in 10+ languages. 10 free uploads/month.
Is Magic Import Document Extractor Safe to Use in 2026?
Mostly Safe
Score 76/100Magic Import Document Extractor is generally safe to use. 2 past CVEs were resolved. Keep it updated.
The magic-import-document-extractor plugin v1.0.6 presents a mixed security posture. While it demonstrates good practices such as 100% use of prepared statements for SQL queries and proper output escaping, significant concerns remain due to its attack surface and vulnerability history. The presence of three AJAX handlers without authentication checks is a notable weakness, creating potential entry points for unauthorized actions. Taint analysis did not reveal any critical or high-severity vulnerabilities, which is positive, but this does not negate the risks from the unprotected AJAX endpoints. The plugin's history of two known CVEs, with one still unpatched and both classified as medium severity, specifically pointing to Exposure of Sensitive Information and Missing Authorization, is a strong indicator of recurring security flaws. This history, coupled with the current lack of authorization on AJAX handlers, suggests a pattern of vulnerabilities related to access control. In conclusion, while the code base has some robust security implementations, the unaddressed vulnerabilities and unprotected entry points create a substantial risk that needs immediate attention.
Key Concerns
- Unprotected AJAX handlers
- 1 unpatched CVE (medium severity)
- History of missing authorization vulnerabilities
Magic Import Document Extractor Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Magic Import Document Extractor <= 1.0.6 - Unauthenticated Sensitive Information Exposure
Magic Import Document Extractor <= 1.0.5 - Missing Authorization to Unauthenticated Plugin License Status Modification
Magic Import Document Extractor Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Magic Import Document Extractor Attack Surface
AJAX Handlers 3
Shortcodes 1
WordPress Hooks 11
Maintenance & Trust
Magic Import Document Extractor Maintenance & Trust
Maintenance Signals
Community Trust
Magic Import Document Extractor Alternatives
E2Pdf – Export Pdf Tool for WordPress
e2pdf
PDF Builder for CF7, Divi, Elementor Forms, Everest, Fluent, Formidable, Forminator, Gravity, JFB, Ninja, WPForms, WooCommerce, Post Meta, ACF, etc.
Gravity PDF
gravity-forms-pdf-extended
Automatically generate, email and download PDF documents from Gravity Forms entries
Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce
sender-net-automated-emails
Sender is an all-in-one email & SMS marketing platform designed keeping the challenges of ecommerce and small businesses in mind.
Zoho Campaigns
zoho-campaigns
Zoho Campaigns
PDF Forms Filler for WPForms
pdf-forms-for-wpforms
Build WPForms from PDF forms. Get PDFs filled automatically and attached to email messages and/or website responses on form submissions.
Magic Import Document Extractor Developer Profile
1 plugin · 0 total installs
How We Detect Magic Import Document Extractor
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/magic-import-document-extractor/admin/css/magic-import-document-extractor-admin.css/wp-content/plugins/magic-import-document-extractor/admin/js/magic-import-document-extractor-admin.js/wp-content/plugins/magic-import-document-extractor/admin/js/magic-import-document-extractor-admin.jsmagic-import-document-extractor/admin/css/magic-import-document-extractor-admin.css?ver=magic-import-document-extractor/admin/js/magic-import-document-extractor-admin.js?ver=HTML / DOM Fingerprints
magic-import-adminmagic-import-tabsmagic-import-tab-panelmi-status-pilldata-plugin-name="magic-import-document-extractor"MagicImportAdmin