CVE-2026-6964

The CVE-2026-6964 entry covers the WordPress plugin Video Conferencing with Zoom (versions up to 4.6.7). It states an authorization bypass in the get_auth AJAX action, allowing unauthenticated attackers to obtain the site’s Zoom SDK API key and a freshly-signed JWT usable with the Zoom Web SDK to...

CVE-2026-6964 Video Conferencing with Zoom <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure via 'get_auth' AJAX Action

The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain...

EUVD-2025-35900

The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting vie...

CVE-2024-32454 WordPress Wappointment plugin <= 2.6.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Wappointment Appointment Bookings for Zoom GoogleMeet and more – Wappointment.This issue affects Appointment Bookings for Zoom GoogleMeet and more – Wappointment: from n/a through 2.6.0...