Vulnerabilities and security researches forvideo-conferencing-with-zoom-api video-conferencing-with-zoom-api

Direction: ascending

Jun 07, 2024

Video Conferencing with Zoom # CVE-2024-33584

CVE, Research URL: CVE-2024-33584
Home page URL: Security reports for Video Conferencing with Zoom
Application: Video Conferencing with Zoom
Date: Apr 29, 2024
Research Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Deepen Bajracharya Video Conferencing with Zoom.This issue affects Video Conferencing with Zoom: from n/a through 4.4.4.
Affected versions: max 4.4.5.
Status: vulnerable

Video Conferencing with Zoom # CVE-2022-0384

CVE, Research URL: CVE-2022-0384
Home page URL: Security reports for Video Conferencing with Zoom
Application: Video Conferencing with Zoom
Date: Mar 07, 2022
Research Description: The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog
Affected versions: max 3.8.17.
Status: vulnerable

Video Conferencing with Zoom # CVE-2022-4578

CVE, Research URL: CVE-2022-4578
Home page URL: Security reports for Video Conferencing with Zoom
Application: Video Conferencing with Zoom
Date: Jan 16, 2023
Research Description: The Video Conferencing with Zoom WordPress plugin before 4.0.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions: max 4.0.10.
Status: vulnerable

Video Conferencing with Zoom # CVE-2023-3947

CVE, Research URL: CVE-2023-3947
Home page URL: Security reports for Video Conferencing with Zoom
Application: Video Conferencing with Zoom
Date: Jul 26, 2023
Research Description: The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meeting id and password.
Affected versions: max 4.3.0.
Status: vulnerable

Video Conferencing with Zoom # CVE-2024-2031

CVE, Research URL: CVE-2024-2031
Home page URL: Security reports for Video Conferencing with Zoom
Application: Video Conferencing with Zoom
Date: Mar 13, 2024
Research Description: The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zoom_recordings_by_meeting' shortcode in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 4.4.5.
Status: vulnerable

Video Conferencing with Zoom # CVE-2024-2033

CVE, Research URL: CVE-2024-2033
Home page URL: Security reports for Video Conferencing with Zoom
Application: Video Conferencing with Zoom
Date: Apr 10, 2024
Research Description: The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. This makes it possible for authenticated attackers, with subscriber access or higher, to enumerate usernames, emails and IDs of all users on a site.
Affected versions: max 4.4.6.
Status: vulnerable

Apr 13, 2026

Video Conferencing with Zoom # CVE-2026-39653

CVE, Research URL: CVE-2026-39653
Home page URL: Security reports for Video Conferencing with Zoom
Application: Video Conferencing with Zoom
Date: Apr 08, 2026
Research Description: Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Conferencing with Zoom: from n/a through <= 4.6.6.
Affected versions: max 4.6.7.
Status: vulnerable

Apr 15, 2026

Video Conferencing with Zoom # CVE-2026-1368

CVE, Research URL: CVE-2026-1368
Home page URL: Security reports for Video Conferencing with Zoom
Application: Video Conferencing with Zoom
Date: Feb 18, 2026
Research Description: The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.
Affected versions: max 4.6.6.
Status: vulnerable

Jun 16, 2026

Video Conferencing with Zoom # 47d054c5-d2fc-4a75-b9d4-9fe327caf66b

CVE, Research URL: 47d054c5-d2fc-4a75-b9d4-9fe327caf66b
Home page URL: Security reports for Video Conferencing with Zoom
Application: Video Conferencing with Zoom
Date: -
Research Description: Video Conferencing with Zoom [video-conferencing-with-zoom-api] < 3.8.16 Video Conferencing with Zoom < 3.8.16 - Reflected Cross-Site Scripting The plugin does not sanitise and escape user data before outputting it back in attributes in some admin pages, leading to Reflected Cross-Site Scripting issues
Affected versions: max 3.8.16.
Status: vulnerable

Video Conferencing with Zoom # b8a7ddb9af349d95d5e97034184115bea80391ee

CVE, Research URL: b8a7ddb9af349d95d5e97034184115bea80391ee
Home page URL: Security reports for Video Conferencing with Zoom
Application: Video Conferencing with Zoom
Date: Nov 30, 2021
Research Description: Video Conferencing with Zoom [video-conferencing-with-zoom-api] < 3.8.16 WordPress Video Conferencing with Zoom plugin <= 3.8.15 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Video Conferencing with Zoom plugin (versions <= 3.8.15).
Affected versions: max 3.8.16.
Status: vulnerable

Video Conferencing with Zoom # 73cd6923-8c3b-435c-8f69-793e5fc46655

CVE, Research URL: 73cd6923-8c3b-435c-8f69-793e5fc46655
Home page URL: Security reports for Video Conferencing with Zoom
Application: Video Conferencing with Zoom
Date: -
Research Description: Video Conferencing with Zoom [video-conferencing-with-zoom-api] < 3.9.3 Video Conferencing with Zoom < 3.9.3 - Reflected Cross-Site Scripting The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting
Affected versions: max 3.9.3.
Status: vulnerable

Video Conferencing with Zoom # 61aecff1b8afada691c803f4ff6ce7721e1751ee

CVE, Research URL: 61aecff1b8afada691c803f4ff6ce7721e1751ee
Home page URL: Security reports for Video Conferencing with Zoom
Application: Video Conferencing with Zoom
Date: May 31, 2022
Research Description: Video Conferencing with Zoom [video-conferencing-with-zoom-api] < 3.9.3 Video Conferencing with Zoom <= 3.9.2 - Reflected Cross-Site Scripting The Video Conferencing with Zoom plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in versions up to, and including, 3.9.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 3.9.3.
Status: vulnerable

Video Conferencing with Zoom # 453a4ceb0eab6eea0a7eb23b446a57089d5dc531

CVE, Research URL: 453a4ceb0eab6eea0a7eb23b446a57089d5dc531
Home page URL: Security reports for Video Conferencing with Zoom
Application: Video Conferencing with Zoom
Date: Nov 30, 2021
Research Description: Video Conferencing with Zoom [video-conferencing-with-zoom-api] < 3.8.16 Video Conferencing with Zoom < 3.8.16 - Reflected Cross-Site Scripting The Video Conferencing with Zoom plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘host_id’ parameter in versions before 3.8.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 3.8.16.
Status: vulnerable

Video Conferencing with Zoom # d8b0766ddc9101a547d6630e235a06bccd64b103

CVE, Research URL: d8b0766ddc9101a547d6630e235a06bccd64b103
Home page URL: Security reports for Video Conferencing with Zoom
Application: Video Conferencing with Zoom
Date: May 31, 2022
Research Description: Video Conferencing with Zoom [video-conferencing-with-zoom-api] <= 3.9.2 WordPress Video Conferencing with Zoom plugin <= 3.9.2 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Video Conferencing with Zoom plugin (versions <= 3.9.2). Update the WordPress Video Conferencing with Zoom plugin to the latest available version (at least 3.9.3).
Affected versions: max 3.9.2.
Status: vulnerable

Jun 17, 2026

Video Conferencing with Zoom # CVE-2026-6964

CVE, Research URL: CVE-2026-6964
Home page URL: Security reports for Video Conferencing with Zoom
Application: Video Conferencing with Zoom
Date: Jun 16, 2026
Research Description: The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain the site's Zoom SDK API key and a freshly-signed JWT that can be used with the Zoom Web SDK to join any Zoom meeting associated with those credentials without a legitimate invitation.
Affected versions: max 4.6.8.
Status: vulnerable