CVE-2026-1368

Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation

CVSS 7.5 HIGHEPSS 1.2%CWE-287

Vexday Risk Score

36Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 7.5EPSS 1.2%KEV nãoPoC —Nuclei simMetasploit —Patch —

Ciclo de vida

18 feb 2026Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Productos afectados

Unknown · Video Conferencing with Zoom

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/218e6655-c5aa-4bce-86b2-cad3bb20020c/