PT-2026-57122 · Sovlix · Goodmeet – Google Meet Integration For Webinar

Legion Hunter

·

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-6440

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the reset credential() function, which handles the wp ajax goodmeet reset google meet credential AJAX action. While the function does verify the user's capability (manage options), it does not validate a nonce, making it susceptible to CSRF attacks. This makes it possible for unauthenticated attackers to trick a site administrator into clicking a malicious link that will reset (delete) the plugin's stored Google Meet API credentials (goodmeet google credentials) and OAuth tokens (goodmeet google token), effectively disabling the Google Meet integration on the site.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-6440

Affected Products

Goodmeet – Google Meet Integration For Webinar