Unknown Video Conferencing With Zoom vulnerabilities

CVE-2026-1368 [HIGH] CWE-287 CVE-2026-1368: The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.

CVE-2022-4578 [MEDIUM] CWE-79 CVE-2022-4578: The Video Conferencing with Zoom WordPress plugin before 4.0.10 does not validate and escape some of The Video Conferencing with Zoom WordPress plugin before 4.0.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CVE-2022-0384 [MEDIUM] CWE-200 CVE-2022-0384: The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its v The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog