Vulnerabilities and security researches foreroom-zoom-meetings-webinar eroom-zoom-meetings-webinar

Jun 06, 2024

CVE, Research URL: CVE-2022-25614
Home page URL: Security reports for eRoom – Zoom Meetings & Webinars
Application: eRoom – Zoom Meetings & Webinars
Date: Apr 12, 2022
Research Description: Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings.
Affected versions: max 1.3.8.
Status: vulnerable

CVE, Research URL: CVE-2022-25615
Home page URL: Security reports for eRoom – Zoom Meetings & Webinars
Application: eRoom – Zoom Meetings & Webinars
Date: Apr 12, 2022
Research Description: Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion.
Affected versions: max 1.3.9.
Status: vulnerable

CVE, Research URL: CVE-2024-3275
Home page URL: Security reports for eRoom – Zoom Meetings & Webinars
Application: eRoom – Zoom Meetings & Webinars
Date: May 02, 2024
Research Description: The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the search_posts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post excerpts including those of draft and pending posts.
Affected versions: max 1.4.19.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2022-43472
Home page URL: Security reports for eRoom – Zoom Meetings & Webinars
Application: eRoom – Zoom Meetings & Webinars
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eRoom – Zoom Meetings & Webinar: from n/a through 1.4.6.
Affected versions: max 1.4.7.
Status: vulnerable

Nov 11, 2025

CVE, Research URL: CVE-2025-11760
Home page URL: Security reports for eRoom – Zoom Meetings & Webinars
Application: eRoom – Zoom Meetings & Webinars
Date: Oct 25, 2025
Research Description: The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting view template. This makes it possible for unauthenticated attackers to extract the sdk_secret value, which should remain server-side, compromising the security of the Zoom integration and allowing attackers to generate valid JWT signatures for unauthorized meeting access.
Affected versions: max 1.5.7.
Status: vulnerable