CVE-2026-1368

{"id": "CVE-2026-1368", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-02-18T06:16:34.327", "references": [{"url": "https://wpscan.com/vulnerability/218e6655-c5aa-4bce-86b2-cad3bb20020c/", "source": "contact@wpscan.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key."}, {"lang": "es", "value": "El plugin de WordPress Video Conferencing con Zoom anterior a la versi\u00f3n 4.6.6 contiene un manejador AJAX que tiene su verificaci\u00f3n de nonce comentada, lo que permite a atacantes no autenticados generar firmas v\u00e1lidas del SDK de Zoom para cualquier ID de reuni\u00f3n y recuperar la clave del SDK de Zoom del sitio."}], "lastModified": "2026-02-18T17:51:53.510", "sourceIdentifier": "contact@wpscan.com"}