WordPress Plugin Vulnerabilities

eRoom < 1.3.8 - Sync Meetings via CSRF

Description

The plugin does not have CSRF check in place when syncing meetings, which could allow attackers to make logged in users perform such action via a CSRF attack

Affects Plugins

Plugin icon
eroom-zoom-meetings-webinar
Fixed in 1.3.8

References

CVE
CVE-2022-25614

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ex.Mi
Verified
No
WPVDB ID
2ae585f0-56b9-4641-a615-60e94c2e3d23

Timeline

Publicly Published
2022-04-11 (about 4 years ago)
Added
2022-04-12 (about 4 years ago)
Last Updated
2022-04-13 (about 4 years ago)

Other

Published
Title
Published
2024-06-05
Title
Muslim Prayer Time BD < 2.5 - Settings Reset via CSRF
Published
2024-11-13
Title
Exclusive Content Password Protect <= 1.1.0 - Cross-Site Request Forgery to Arbitrary File Upload
Published
2026-01-16
Title
The Guardian News Feed <= 1.2 - Cross-Site Request Forgery to Settings Update
Published
2025-08-25
Title
SEO For Images <= 1.0.0 - Cross-Site Request Forgery
Published
2023-06-15
Title
Google XML Sitemap for Videos <= 2.6.1 - CSRF