CVE-2026-1368
published 2026-02-18

Priority: P3 (56)
Severity: high, CVSS 3.1 base score 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: yes
EPSS: 1.21% (64.6th percentile)
The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.

Detection & IOCs (extracted from sources)

URL: /wp-content/plugins/video-conferencing-with-zoom-api/README.txt
Path: /wp-content/plugins/video-conferencing-with-zoom-api/
Command: POST /wp-admin/admin-ajax.php action=get_auth&meeting_id=123456789
  • Exploit attempt produces a JSON response with '"success":true', '"sig":"eyJ' (base64-encoded JWT), and '"type":"sdk"' — match all three to confirm unauthenticated SDK signature generation.
  • The vulnerable AJAX action is 'get_auth'; unauthenticated POST requests to /wp-admin/admin-ajax.php with this action and any meeting_id should be alerted on.
  • The root cause is a commented-out nonce verification in the AJAX handler — no authentication or nonce is required for the request to succeed.
  • The exploit requires the target to be running the 'video-conferencing-with-zoom-api' WordPress plugin at a version strictly below 4.6.6; version 4.6.6 and later are patched.
  • The Nuclei template uses a two-step flow: step 1 confirms the vulnerable plugin version via README.txt before step 2 fires the exploit POST; detections should account for this chained pattern.
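The detection points above (unauthenticated POST to admin-ajax.php with action=get_auth, the three response markers, and the README.txt-then-POST chain) can be turned into a small classifier. The code below is an added example, not part of the original page, the plugin, or any vendor's detection rule. It assumes a request-logging layer (WAF, reverse proxy, or WordPress must-use plugin) that records method, path, POST body, cookies, client IP and response body per request; that record shape and all sample traffic are constructed for the example. Treating the absence of a `wordpress_logged_in_*` cookie as "unauthenticated" is a heuristic, since the handler itself requires no nonce.

```python
"""Detector for the CVE-2026-1368 request/response pattern (added example)."""
import re
from urllib.parse import parse_qs, urlparse

AJAX_PATH = "/wp-admin/admin-ajax.php"
VULN_ACTION = "get_auth"
PLUGIN_README = "/wp-content/plugins/video-conferencing-with-zoom-api/README.txt"

# All three markers must match to confirm a signature was issued.
# Whitespace-tolerant so pretty-printed JSON still matches.
RESPONSE_MARKERS = [
    re.compile(r'"success"\s*:\s*true'),
    re.compile(r'"sig"\s*:\s*"eyJ'),   # base64url-encoded JWT header always starts "eyJ"
    re.compile(r'"type"\s*:\s*"sdk"'),
]

# Constructed sample records (assumed log format, not real traffic).
SAMPLE_RECORDS = [
    {"ip": "203.0.113.10", "method": "GET", "path": PLUGIN_README, "body": "",
     "cookies": [], "response": "=== Video Conferencing with Zoom ===\nStable tag: 4.6.5\n"},
    {"ip": "203.0.113.10", "method": "POST", "path": AJAX_PATH,
     "body": "action=get_auth&meeting_id=123456789", "cookies": [],
     "response": '{"success":true,"data":{"sig":"eyJhbGciOiJIUzI1NiJ9.constructed","type":"sdk"}}'},
    {"ip": "198.51.100.7", "method": "POST", "path": AJAX_PATH,
     "body": "action=get_auth&meeting_id=1", "cookies": [], "response": '{"success":false}'},
    {"ip": "192.0.2.5", "method": "POST", "path": AJAX_PATH,
     "body": "action=heartbeat&_nonce=abc", "cookies": ["wordpress_logged_in_x=constructed"],
     "response": '{"success":true}'},
    {"ip": "192.0.2.9", "method": "POST", "path": AJAX_PATH + "?action=get_auth",
     "body": "meeting_id=42", "cookies": ["wordpress_logged_in_x=constructed"],
     "response": '{"success":true,"data":{"sig":"eyJ.constructed","type":"sdk"}}'},
]


def _params(rec):
    """Merge query-string and body parameters; admin-ajax.php reads action from either."""
    merged = parse_qs(urlparse(rec["path"]).query)
    merged.update(parse_qs(rec.get("body", "")))
    return {k: v[0] for k, v in merged.items()}


def is_get_auth_request(rec):
    """True for a POST to admin-ajax.php carrying action=get_auth and a meeting_id."""
    if rec["method"].upper() != "POST" or urlparse(rec["path"]).path != AJAX_PATH:
        return False
    p = _params(rec)
    return p.get("action") == VULN_ACTION and "meeting_id" in p


def is_unauthenticated(rec):
    """Heuristic: no WordPress login cookie on the request."""
    return not any(c.startswith("wordpress_logged_in_") for c in rec.get("cookies", []))


def response_confirms_signature(body):
    """All three advisory markers present -> an SDK signature was actually issued."""
    return all(m.search(body) for m in RESPONSE_MARKERS)


def classify(rec):
    """'confirmed' (unauth + signature issued), 'attempt' (unauth, no signature),
    'authenticated' (get_auth from a logged-in session), or None (not relevant)."""
    if not is_get_auth_request(rec):
        return None
    if not is_unauthenticated(rec):
        return "authenticated"
    return "confirmed" if response_confirms_signature(rec.get("response", "")) else "attempt"


def scan(records):
    """Map record index -> verdict for every relevant record."""
    verdicts = {}
    for i, rec in enumerate(records):
        v = classify(rec)
        if v:
            verdicts[i] = v
    return verdicts


def find_chained_recon(records):
    """IPs that fetched the plugin README before an unauthenticated get_auth POST,
    i.e. the two-step version-check-then-exploit flow the advisory describes."""
    readme_ips, chained = set(), set()
    for rec in records:
        if rec["method"].upper() == "GET" and urlparse(rec["path"]).path == PLUGIN_README:
            readme_ips.add(rec["ip"])
        elif classify(rec) in ("attempt", "confirmed") and rec["ip"] in readme_ips:
            chained.add(rec["ip"])
    return chained


if __name__ == "__main__":
    for idx, verdict in scan(SAMPLE_RECORDS).items():
        print(idx, SAMPLE_RECORDS[idx]["ip"], verdict)
    print("chained recon from:", sorted(find_chained_recon(SAMPLE_RECORDS)))
```

An "attempt" verdict on a patched site (4.6.6 or later) is still worth recording, since it shows the action is being probed; a "confirmed" verdict means the site is returning signatures and should be treated as running a vulnerable version until the plugin is updated. The chained-recon check only correlates by client IP within one batch of records; a real deployment would bound it by time window.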