CVE-2024-2033

Name of the Vulnerable Software and Affected Versions Video Conferencing with Zoom plugin for WordPress versions up to and including 4.4.5

Description The issue allows authenticated attackers with subscriber access or higher to expose sensitive information, including usernames, emails, and IDs of all users on a site, via the get assign host id AJAX action.

Recommendations For versions up to and including 4.4.5, update to a version higher than 4.4.5 to resolve the issue. As a temporary workaround, consider restricting access to the get assign host id AJAX action to minimize the risk of exploitation.