VulnerAlert



27-10-2025 10:54

CVE-2025-11760 Documented vulnerability

No score
Description
The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting view template. This makes it possible for unauthenticated attackers to extract the sdk_secret value, which should remain server-side, compromising the security of the integration and allowing them to generate valid JWT signatures for unauthorized access.
https://plugins.trac.wordpress.org/browser/eroom-zoom-meetings-webinar/tags/1.5.6/templates/single/meeting_view.php#L173
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3379064%40eroom-zoom-meetings-webinar%2Ftrunk&old=3375935%40eroom-zoom-meetings-webinar%2Ftrunk&sfp_email=&sfph_mail=#file4
https://www.wordfence.com/threat-intel/vulnerabilities/id/0baaa6b7-3884-465e-bae3-46edab6312d4?source=cve

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-11760
This project was co-funded by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023