PT-2026-57122 · Sovlix · Goodmeet – Google Meet Integration For Webinar
Legion Hunter
·
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-6440
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the reset credential() function, which handles the wp ajax goodmeet reset google meet credential AJAX action. While the function does verify the user's capability (manage options), it does not validate a nonce, making it susceptible to CSRF attacks. This makes it possible for unauthenticated attackers to trick a site administrator into clicking a malicious link that will reset (delete) the plugin's stored Google Meet API credentials (goodmeet google credentials) and OAuth tokens (goodmeet google token), effectively disabling the Google Meet integration on the site.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Goodmeet – Google Meet Integration For Webinar