Описание
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meeting id and password.
Ссылки
- Patch
- Patch
- Third Party Advisory
- Patch
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.2.1 (включая)
cpe:2.3:a:imdpen:video_conferencing_with_zoom:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 43%
0.00206
Низкий
3.7 Low
CVSS3
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 3.7
github
больше 2 лет назад
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meeting id and password.
EPSS
Процентиль: 43%
0.00206
Низкий
3.7 Low
CVSS3
5.3 Medium
CVSS3