Zoom Plugin for WordPress Exposes Meeting IDs and API Keys

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

Zoom Plugin for WordPress Exposes Meeting IDs and API Keys

CVE-2026-1368

Summary

The Zoom plugin for WordPress allows attackers to access sensitive meeting IDs and API keys without a password, putting users' video conferencing sessions at risk. This means that attackers could potentially join unauthorized meetings or use the exposed API keys to access other sensitive information. To fix this, update the Zoom plugin to version 4.6.6 or later.

Original title

The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK ...

Original description

nvd CVSS3.1 7.5

Vulnerability type

CWE-287 Improper Authentication

https://wpscan.com/vulnerability/218e6655-c5aa-4bce-86b2-cad3bb20020c/

Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026