🔐 CVE Alert

CVE-2026-1368

HIGH 7.5

Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
6th

The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.

Vendor unknown
Product video conferencing with zoom
Published Feb 18, 2026
Last Updated Feb 18, 2026
Stay Ahead of the Next One

Get instant alerts for unknown video conferencing with zoom

Be the first to know when new high vulnerabilities affecting unknown video conferencing with zoom are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Video Conferencing with Zoom
0 < 4.6.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗
wpscan.com: https://wpscan.com/vulnerability/218e6655-c5aa-4bce-86b2-cad3bb20020c/

Credits

yiğit ibrahim sağlam WPScan