WordPress eRoom - Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin <= 1.5.6 - Unauthenticated Sensitive Information Exposure vulnerability

WordPress eRoom - Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin = 1.5.6 - Unauthenticated Sensitive Information Exposure vulnerability discovered by Rafshanzani Suhada in WordPress Plugin eRoom versions = 1.5.6...

CVE-2025-49919

CVE-2025-49919 is a vulnerability in the WordPress plugin “eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams” (WPCenter eRoom) rated as Medium (CVSS 3.1: 5.8). Affected versions: eRoom up to 1.5.6. Description in the initial document: Insertion of Sensitive Information Into ...

CVE-2025-49919 WordPress eRoom plugin <= 1.5.6 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through = 1.5.6...

CVE-2025-49919 WordPress eRoom plugin <= 1.5.6 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through = 1.5.6...

WordPress eRoom plugin <= 1.5.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mohamad Fattyr in WordPress Plugin eRoom versions = 1.5.6...

CVE-2025-11760

The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting vie...

CVE-2025-11760

CVE-2025-11760 affects the WordPress plugin “eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams” through version 1.5.6. The root cause is exposure of the Zoom SDK secret keys in client-side JavaScript in the meeting view template, enabling unauthenticated attackers to extract...

CVE-2025-11760 eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams <= 1.5.6 - Unauthenticated Sensitive Information Exposure

The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting vie...

EUVD-2025-35900

The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting vie...

PT-2025-43694

Name of the Vulnerable Software and Affected Versions eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams versions through 1.5.6 Description The eRoom plugin for WordPress exposes Zoom SDK secret keys in client-side JavaScript within the meeting view template. This allows...

EUVD-2024-31865

Malicious code in bioql PyPI...

EUVD-2022-30274

Malicious code in bioql PyPI...

WordPress eRoom – Zoom Meetings & Webinar Plugin <= 1.4.18 is vulnerable to Broken Access Control

Software eRoom – Zoom Meetings & Webinar Type Plugin Vulnerable versions = 1.4.18 Fixed in 1.4.19 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3275 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7f0c5109ca2f Credits Krzysztof...

CVE-2022-25614 WordPress eRoom plugin <= 1.3.7 - Cross-Site Request Forgery (CSRF) leading to Sync with Zoom Meetings vulnerability

Cross-Site Request Forgery CSRF in StylemixThemes eRoom – Zoom Meetings & Webinar WordPress plugin = 1.3.7 allows an attacker to Sync with Zoom Meetings...

CVE-2022-25615 WordPress eRoom plugin <= 1.3.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cache Deletion

Cross-Site Request Forgery CSRF in StylemixThemes eRoom – Zoom Meetings & Webinar WordPress plugin = 1.3.8 allows cache deletion...

WordPress eRoom plugin <= 1.3.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cache Deletion

Cross-Site Request Forgery CSRF vulnerability leading to Cache Deletion discovered by Ex.Mi Patchstack in WordPress eRoom plugin versions = 1.3.8. Solution Update the WordPress eRoom plugin to the latest available version at least 1.3.9...

WordPress eRoom plugin <= 1.3.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Sync with Zoom Meetings

Cross-Site Request Forgery CSRF vulnerability leading to Sync with Zoom Meetings discovered by Ex.Mi Patchstack in WordPress eRoom plugin versions = 1.3.7. Solution Update the WordPress eRoom plugin to the latest available version at least 1.3.8...

eRoom < 1.3.8 - Sync Meetings via CSRF

The plugin does not have CSRF check in place when syncing meetings, which could allow attackers to make logged in users perform such action via a CSRF attack...