J 3Rk · Video Conferencing With Zoom · CVE-2026-6964
**Name of the Vulnerable Software and Affected Versions**
Video Conferencing with Zoom versions prior to 4.6.8
**Description**
The plugin fails to properly verify if a user is authorized to perform specific actions. This allows unauthenticated attackers to retrieve the site's Zoom SDK API key and a freshly-signed JWT (JSON Web Token), which is a compact, URL-safe means of representing claims to be transferred between two parties. These credentials can be used with the Zoom Web SDK to join any Zoom meeting associated with the account without a legitimate invitation.
**Recommendations**
Update to a version later than 4.6.7.