CVE-2026-1368
The CVE concerns the Video Conferencing with Zoom WordPress plugin (before version 4.6.6). An AJAX handler has its nonce verification commented out, enabling unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and to retrieve the site’s Zoom SDK key. This could enab...
CVE-2026-1368
The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key...
CVE-2023-3947
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to a hardcoded encryption key on the 'vczapiencryptdecrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meetin...
CVE-2022-4578
The Video Conferencing with Zoom WordPress plugin before 4.0.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used again...
PT-2022-13143 · Zoom · Video Conferencing With Zoom WordPress Plugin
Name of the Vulnerable Software and Affected Versions: Video Conferencing with Zoom WordPress plugin versions prior to 3.8.17. Description: The issue concerns a lack of authorization in the vczapi_get_wp_users AJAX action, allowing any authenticated user, such as a subscriber, to download the list...