CVE-2026-1368
Published 2026-02-18
Priority: P3 · 56 · Severity: high · CVSS 3.1 base score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.21% (64.6th percentile)
The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.
Detection & IOCs (extracted from sources)
- Exploit attempt produces a JSON response with '"success":true', '"sig":"eyJ' (base64-encoded JWT), and '"type":"sdk"'; match all three to confirm unauthenticated SDK signature generation.
- The vulnerable AJAX action is 'get_auth'; unauthenticated POST requests to /wp-admin/admin-ajax.php with this action and any meeting_id should be alerted on.
- The root cause is a commented-out nonce verification in the AJAX handler; no authentication or nonce is required for the request to succeed.
- The exploit requires the target to be running the 'video-conferencing-with-zoom-api' WordPress plugin at a version strictly below 4.6.6; version 4.6.6 and later are patched.
- The Nuclei template uses a two-step flow: step 1 confirms the vulnerable plugin version via README.txt before step 2 fires the exploit POST; detections should account for this chained pattern.
No detection rules found.
Nuclei
CVE-2026-1368 [HIGH] Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation (nuclei · CVSS 7.5)
Zoom WordPress plugin < 4.6.6 contains a broken authentication caused by disabled nonce verification in an AJAX handler, letting unauthenticated attackers generate valid Zoom SDK signatures and retrieve the Zoom SDK key.
Template:
id: CVE-2026-1368
info:
  name: Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation
  author: 0x_Akoko
  severity: high
  description: |
    Zoom WordPress plugin < 4.6.6 contains a broken authentication caused by disabled nonce verification in an AJAX handler, letting unauthenticated attackers generate valid Zoom SDK signatures and retrieve the Zoom SDK key.
  impact: |
    Unauthenticated attackers can generate valid SDK signatures and retrieve the Zoom SDK key