WordPress Plugin Vulnerabilities

Video Conferencing with Zoom < 4.3.0 - Sensitive Data Disclosure

Description

The plugin hardcodes its encryption key, which could allow unauthenticated attackers to decrypt the meeting id and password via the vczapi_encrypt_decrypt function

Affects Plugins

Plugin icon
video-conferencing-with-zoom-api
Fixed in 4.3.0

References

CVE
CVE-2023-3947

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
3.7 (low)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
6de00b0d-37a0-48ac-b002-2d2ea4fc9526

Timeline

Publicly Published
2023-07-25 (about 2 years ago)
Added
2023-07-27 (about 2 years ago)
Last Updated
2023-07-27 (about 2 years ago)

Other

Published
Title
Published
2024-04-22
Title
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks < 2.2.79 - Unauthenticated Sensitive Information Exposure
Published
2025-11-04
Title
File Manager for Google Drive – Integrate Google Drive with WordPress < 1.5.4 - Unauthenticated Sensitive Information Exposure
Published
2024-02-27
Title
Under Construction / Maintenance Mode from Acurax <= 2.6 - Authenticated (Subscriber+) Sensitive Information Exposure
Published
2023-11-30
Title
CF7 Google Sheets Connector < 5.0.6 - Unauthenticated Sensitive Information Exposure via Debug Log
Published
2024-11-05
Title
Contact Form 7 – Dynamic Text Extension < 4.5.1 - Information Disclosure via Shortcode