← voltar
CVE-2025-11760

eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams <= 1.5.6 - Unauthenticated Sensitive Information Exposure

CVSS 5.3 MEDIUMEPSS 0.3%CWE-200
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
25 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting view template. This makes it possible for unauthenticated attackers to extract the sdk_secret value, which should remain server-side, compromising the security of the Zoom integration and allowing attackers to generate valid JWT signatures for unauthorized meeting access.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →