PT-2025-43694 · WordPress+1 · Eroom+1

Rafshanzani Suhada · Published 2025-10-25 · Updated 2025-10-25 · CVE-2025-11760

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams versions through 1.5.6

Description: The eRoom plugin for WordPress exposes Zoom SDK secret keys in client-side JavaScript within the meeting view template. This allows unauthenticated attackers to extract the SDK secret value, which should be kept server-side. This compromises the Zoom integration and enables attackers to generate valid JWT signatures for unauthorized meeting access.

Recommendations: Versions prior to and including 1.5.6 should be updated to a newer version that addresses this issue.
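
The pattern described above, as an added illustration that is not the eRoom plugin's code: the secret stays on the server and the page receives only a short-lived HS256 signature. All function names, claim names and credential values are assumptions constructed for this example.

```php
<?php
// Added illustration, not the eRoom plugin's code. All names are hypothetical
// and both credentials are constructed placeholder values.
const SDK_KEY    = 'constructed-sdk-key';
const SDK_SECRET = 'constructed-sdk-secret';

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Server side only: sign a short-lived HS256 JWT for one meeting.
// Claim names are assumed for the example. The role is decided by the server,
// never taken from the request, so a visitor cannot ask for host rights.
function sign_meeting_token(string $meeting, bool $isHost, int $now, int $ttl = 1800): string {
    $header  = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url(json_encode([
        'sdkKey' => SDK_KEY, 'mn' => $meeting, 'role' => $isHost ? 1 : 0,
        'iat' => $now, 'exp' => $now + $ttl,
    ]));
    $sig = b64url(hash_hmac('sha256', "$header.$payload", SDK_SECRET, true));
    return "$header.$payload.$sig";
}

// Weak: the pattern the advisory describes, secret serialized into page JavaScript.
function client_config_weak(string $meeting): string {
    return json_encode(['sdkKey' => SDK_KEY, 'sdkSecret' => SDK_SECRET, 'meetingNumber' => $meeting]);
}

// Corrected: the page receives a signature scoped to one meeting and role.
function client_config_hardened(string $meeting, bool $isHost, int $now): string {
    return json_encode([
        'sdkKey' => SDK_KEY, 'meetingNumber' => $meeting,
        'signature' => sign_meeting_token($meeting, $isHost, $now),
    ]);
}

// Regression check for rendered output: the secret must not appear,
// whether raw or base64-encoded.
function leaks_secret(string $rendered): bool {
    foreach ([SDK_SECRET, base64_encode(SDK_SECRET)] as $needle) {
        if (strpos($rendered, $needle) !== false) { return true; }
    }
    return false;
}

$now = time();
var_dump(leaks_secret(client_config_weak('1234567890')));
var_dump(leaks_secret(client_config_hardened('1234567890', false, $now)));
```

A check like `leaks_secret` can run against the rendered meeting page in a release test, and a secret that was ever served to browsers should be rotated after updating.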

Fix

Information Disclosure

Related Identifiers: CVE-2025-11760

Affected Products: Zoom, Eroom