CVE-2023-3947
Video Conferencing with Zoom <= 4.2.1 - Sensitive Information Exposure
CVSS Score
3.7
EPSS Score
0.0%
EPSS Percentile
0th
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meeting id and password.
| CWE | CWE-321 |
| Vendor | j_3rk |
| Product | video conferencing with zoom |
| Published | Jul 26, 2023 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for j_3rk video conferencing with zoom
Be the first to know when new low vulnerabilities affecting j_3rk video conferencing with zoom are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
j_3rk / Video Conferencing with Zoom
0 ≤ 4.2.1
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/ba2515d9-ced0-4b49-87c4-04c8391c2608?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/video-conferencing-with-zoom-api/tags/4.2.1/includes/helpers.php#L546 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/video-conferencing-with-zoom-api/trunk/includes/Helpers/Encryption.php?rev=2942302
Credits
István Márton