WordPress Plugin Vulnerabilities

Video Conferencing with Zoom < 4.4.6 - Sensitive Information Exposure

Description

The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. This makes it possible for authenticated attackers, with subscriber access or higher, to enumerate usernames, emails and IDs of all users on a site.

Affects Plugins

Plugin icon
video-conferencing-with-zoom-api
Fixed in 4.4.6

References

CVE
CVE-2024-2033
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0966057b-8a3c-4d3c-84cb-cf36f1d97922

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Verified
No
WPVDB ID
ca092998-2d73-4fe6-b9e7-15b5dd3fdd42

Timeline

Publicly Published
2024-03-22 (about 2 years ago)
Added
2024-03-22 (about 2 years ago)
Last Updated
2024-03-22 (about 2 years ago)

Other

Published
Title
Published
2026-03-18
Title
Print Invoice & Delivery Notes for WooCommerce < 6.0.0 - Missing Authorization
Published
2026-03-20
Title
Expire Users <= 1.2.2 - Subscriber+ Privilege Escalation
Published
2026-01-30
Title
Atarim < 4.3.2 - Missing Authorization
Published
2026-01-18
Title
Smart Product Viewer <= 1.5.4 - Missing Authorization
Published
2021-11-25
Title
Browser and Operating System Finder <= 1.2 - Unauthenticated Arbitrary Settings Update to Stored XSS