CVE-2026-1368

High CVSS: 7.5

The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.

Vendor

Product

CWE

CWE-287

Yayın Tarihi

2026-02-18 06:16:34

Güncelleme

2026-02-18 17:51:53

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-287 HIGH 2026

Referanslar

https://wpscan.com/vulnerability/218e6655-c5aa-4bce-86b2-cad3bb20020c/