84 matches found
WordPress Plugin Video Conferencing with Zoom 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-2031 Video Conferencing with Zoom <= 4.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zoomrecordingsbymeeting' shortcode in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress Video Conferencing with Zoom Plugin <= 4.4.4 is vulnerable to Cross Site Scripting (XSS)
Software Video Conferencing with Zoom Type Plugin Vulnerable versions = 4.4.4 Fixed in 4.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2031 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9603227b9596 Credits Krzysztof...
CVE-2022-41619 WordPress Image Zoom Plugin <= 1.8.8 is vulnerable to Broken Access Control
Missing Authorization vulnerability in SedLex Image Zoom.This issue affects Image Zoom: from n/a through 1.8.8...
CVE-2022-41619 WordPress Image Zoom Plugin <= 1.8.8 is vulnerable to Broken Access Control
Missing Authorization vulnerability in SedLex Image Zoom.This issue affects Image Zoom: from n/a through 1.8.8...
WordPress plugin Image Zoom security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Video Conferencing with Zoom Plugin <= 4.2.1 is vulnerable to Sensitive Data Exposure
Software Video Conferencing with Zoom Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-3947 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID 55e6071a651c Credits Lana Codes...
Hardcoded credentials
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapiencryptdecrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meetin...
CVE-2023-3947
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapiencryptdecrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meetin...
WordPress Plugin Video Conferencing with Zoom 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2023-26960 · WordPress · Video Conferencing With Zoom
Name of the Vulnerable Software and Affected Versions: Video Conferencing with Zoom plugin for WordPress versions up to, and including, 4.2.1 Description: The issue is related to Sensitive Information Exposure due to a hardcoded encryption key in the vczapi encrypt decrypt function. This allows...
CVE-2022-4578 Video Conferencing with Zoom < 4.0.10 - Contributor+ Stored XSS
The Video Conferencing with Zoom WordPress plugin before 4.0.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used again...
WordPress plugin Video Conferencing with Zoom 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Video Conferencing with Zoom plugin <= 3.9.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress Video Conferencing with Zoom plugin versions = 3.9.2. Solution Update the WordPress Video Conferencing with Zoom plugin to the latest available version at least 3.9.3...
WordPress plugin 跨站请求伪造漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress eRoom-Zoom Meetings & Webinar plugin 1.3.7 an...
Microsoft Outlook Input Validation Error Vulnerability
Microsoft Outlook is a set of email applications from Microsoft Corporation USA. Microsoft Outlook is vulnerable to an input validation error that originates from a failure to properly validate the validity of the package during the product's Zoom Plugin installation. An attacker could cause an...
Zoom Plugin Code Execution Vulnerability
Zoom Plugin is a plug-in from Zoom ZOOM, Inc. A security vulnerability exists in previous versions of Zoom Plugin for Microsoft Outlook for MacOS 5.3.52553.0918, which stems from a Time of Check Use TOC TOU vulnerability included in the plug-in installation process. An attacker could exploit this...
CVE-2021-34410
A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root...
Code injection
All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use TOC/TOU vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the...
CVE-2021-34410
A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root...