PT-2026-57122 · Sovlix · Goodmeet – Google Meet Integration For Webinar
Legion Hunter
·
Publicado
2026-07-10
·
Atualizado
2026-07-10
·
CVE-2026-6440
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the reset credential() function, which handles the wp ajax goodmeet reset google meet credential AJAX action. While the function does verify the user's capability (manage options), it does not validate a nonce, making it susceptible to CSRF attacks. This makes it possible for unauthenticated attackers to trick a site administrator into clicking a malicious link that will reset (delete) the plugin's stored Google Meet API credentials (goodmeet google credentials) and OAuth tokens (goodmeet google token), effectively disabling the Google Meet integration on the site.
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Goodmeet – Google Meet Integration For Webinar