PT-2026-57122 · Sovlix · Goodmeet – Google Meet Integration For Webinar

Legion Hunter

·

Publicado

2026-07-10

·

Atualizado

2026-07-10

·

CVE-2026-6440

CVSS v3.1

4.3

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the reset credential() function, which handles the wp ajax goodmeet reset google meet credential AJAX action. While the function does verify the user's capability (manage options), it does not validate a nonce, making it susceptible to CSRF attacks. This makes it possible for unauthenticated attackers to trick a site administrator into clicking a malicious link that will reset (delete) the plugin's stored Google Meet API credentials (goodmeet google credentials) and OAuth tokens (goodmeet google token), effectively disabling the Google Meet integration on the site.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-6440

Produtos afetados

Goodmeet – Google Meet Integration For Webinar