PT-2026-20277 · Zoom Video Communications+1 · Zoom+1
Published: 2026-02-18 · Updated: 2026-04-30
CVE-2026-1368
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Video Conferencing with Zoom WordPress plugin versions prior to 4.6.6
Description
The Video Conferencing with Zoom WordPress plugin has an AJAX handler where the security check for generated signatures is disabled. This allows attackers who are not logged in to create valid Zoom SDK signatures for any meeting ID and obtain the Zoom SDK key associated with the website.
Recommendations
Update the Video Conferencing with Zoom WordPress plugin to version 4.6.6 or later.
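As an added illustration (not the plugin's code and not taken from the fix), a WordPress AJAX handler for this kind of signature endpoint can be registered for logged-in users only, verify its nonce, and sign only for meeting IDs the site publishes. Every `example_*` name, the option keys and the JWT claim layout are assumptions.

```php
<?php
// Added illustration, not the plugin's code. Every example_* name, the option
// keys and the JWT claim layout are assumptions.

// Weak pattern the advisory describes (left commented out): the callback is
// reachable by logged-out visitors and its nonce verification is disabled.
// add_action( 'wp_ajax_nopriv_example_zoom_sig', 'example_zoom_sig' );

add_action( 'wp_ajax_example_zoom_sig', 'example_zoom_sig' ); // logged-in users only

function example_b64url( $bin ) {
    return rtrim( strtr( base64_encode( $bin ), '+/', '-_' ), '=' );
}

// Short-lived HS256 JWT; the signing secret never leaves the server.
function example_sign( $sdk_key, $sdk_secret, $meeting, $role ) {
    $now  = time();
    $head = example_b64url( wp_json_encode( array( 'alg' => 'HS256', 'typ' => 'JWT' ) ) );
    $body = example_b64url( wp_json_encode( array(
        'sdkKey' => $sdk_key, 'mn' => $meeting, 'role' => $role,
        'iat'    => $now,     'exp' => $now + 300,
    ) ) );
    $mac = hash_hmac( 'sha256', "$head.$body", $sdk_secret, true );
    return "$head.$body." . example_b64url( $mac );
}

function example_zoom_sig() {
    // Stops with 403 when the nonce is missing or invalid. A nonce is a CSRF
    // token, not authentication, so the capability check below is still needed.
    check_ajax_referer( 'example_zoom_sig', 'nonce' );
    if ( ! current_user_can( 'read' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $raw = ( isset( $_POST['meeting_id'] ) && is_string( $_POST['meeting_id'] ) )
        ? wp_unslash( $_POST['meeting_id'] ) : '';
    $meeting = preg_replace( '/\D/', '', $raw );

    // Sign only for meetings the site publishes, never for an arbitrary ID.
    $allowed = array_map( 'strval', (array) get_option( 'example_zoom_meetings', array() ) );
    if ( '' === $meeting || ! in_array( $meeting, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'Unknown meeting' ), 404 );
    }

    $key    = get_option( 'example_sdk_key' );
    $secret = get_option( 'example_sdk_secret' );
    // Role 0 (attendee) is fixed server-side; the client cannot request host.
    wp_send_json_success( array( 'signature' => example_sign( $key, $secret, $meeting, 0 ) ) );
}
```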
Weakness Enumeration
Improper Authentication
Related Identifiers
Affected Products
Video Conferencing With Zoom
Zoom