PT-2024-24825 · WordPress · Eroom – Zoom Meetings & Webinar

Krzysztof Zając · Published 2024-05-02 · Updated 2024-05-02 · CVE-2024-3275

CVSS v3.1

4.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

The eRoom – Zoom Meetings & Webinars plugin for WordPress versions up to, and including, 1.4.18

Description

The issue allows authenticated attackers with subscriber access or higher to obtain post excerpts, including those of draft and pending posts, via the search posts function. This enables them to expose sensitive information.

Recommendations

For versions up to, and including, 1.4.18, update to a version higher than 1.4.18 to resolve the issue. As a temporary workaround, consider restricting access to the search posts function to minimize the risk of exploitation.

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2024-3275

Affected Products

Eroom – Zoom Meetings & Webinar