cleantalk
Vulnerabilities and Security Researches

eRoom – Zoom Meetings & Webinars, CVE-2025-11760

CVE, Research URL

CVE-2025-11760

Home page URL

Security reports for eRoom – Zoom Meetings & Webinars

Application

eRoom – Zoom Meetings & Webinars

Published on
Oct 25, 2025
Research Description
The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting view template. This makes it possible for unauthenticated attackers to extract the sdk_secret value, which should remain server-side, compromising the security of the Zoom integration and allowing attackers to generate valid JWT signatures for unauthorized meeting access.
Affected versions
max 1.5.7.
Status
vulnerable
Previous vulnerability researches
LLM Hubspot Blog Import (CVE-2025-11257) , Nov 11, 2025
New vulnerability
JB News Ticker (CVE-2025-11804) , Nov 11, 2025
My auctions allegro (CVE-2025-10048) , Nov 11, 2025
Sertifier Certificates & Open Badges – Tutor LMS (CVE-2025-53214) , Nov 11, 2025
Toast Mobile Menu – PageSpeed Insights Friendly (CVE-2025-53238) , Nov 11, 2025
Stripe Payment forms for WordPress Plugin – WP Full Pay (CVE-2025-9322) , Nov 11, 2025