CVE-2026-1368

CWE-287Improper Authentication4 documents4 sources
Severity
7.5HIGH
EPSS
0.0%
top 93.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Unknown Video Conferencing With Zoom
Timeline
PublishedFeb 18

Description

The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-568p-hhxc-vvx8: The Video Conferencing with Zoom WordPress plugin before 42026-02-18
CVEList
Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation2026-02-18

🕵️Threat Intelligence

1
Wiz
CVE-2026-1368 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-1368 (HIGH CVSS 7.5) | The Video Conferencing with Zoom Wo | cvebase.io