cleantalk
Vulnerabilities and Security Researches

Video Conferencing with Zoom, CVE-2026-1368

CVE, Research URL

CVE-2026-1368

Home page URL

Security reports for Video Conferencing with Zoom

Application

Video Conferencing with Zoom

Published on
Feb 18, 2026
Research Description
The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.
Affected versions
max 4.6.6.
Status
vulnerable
Previous vulnerability researches
Video & Photo Gallery for Ultimate Member (CVE-2025-32121) , Apr 06, 2025
Video & Photo Gallery for Ultimate Member (CVE-2024-12162) , Dec 13, 2024
Video & Photo Gallery for Ultimate Member (CVE-2024-54370) , Dec 18, 2024
Video & Photo Gallery for Ultimate Member (CVE-2025-22672) , Feb 20, 2025
BuddyForms Ultimate Member (893cfcf44e3c079784f666e461a667cb4f6e2761) , Jun 06, 2024
New vulnerability
Zarinpal Gateway (CVE-2026-2592) , Apr 15, 2026
Twitter posts to Blog (CVE-2026-1786) , Apr 15, 2026
Simple Download Monitor (CVE-2026-2383) , Apr 15, 2026
Blog2Social: Social Media Auto Post & Scheduler (CVE-2026-1942) , Apr 15, 2026
WP Content Permission (CVE-2026-0743) , Apr 15, 2026