eRoom < 1.5.7 – Unauthenticated Information Exposure | CVE 2025-49919

Affects Plugins

eroom-zoom-meetings-webinar

Fixed in 1.5.7

References

CVE

CVE-2025-49919

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/2ac3ffcf-50e0-42fc-a88d-cd7a51fbe1a9

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CWE-200

CVSS

7.5 (high)

Miscellaneous

Original Researcher

Mohamad Fattyr

Verified

No

WPVDB ID

fd88acce-10c1-457a-a2ae-1f4d3a23d714

Timeline

Publicly Published

2025-11-26 (about 7 months ago)

Added

2025-12-19 (about 6 months ago)

Last Updated

2025-12-19 (about 6 months ago)

Other

Published

Title

Published

2025-09-22

Title

WP System Information <= 1.5 - Authenticated (Subscriber+) Sensitive Information Exposure

Published

2023-11-30

Title

JetBackup < 2.0.9.9 - Directory Listing Exposing Backups

Published

2023-07-19

Title

Essential Addons For Elementor < 5.8.2 - Unauthenticated MailChimp API Key Disclosure

Published

2026-01-16

Title

WP Hotel Booking < 2.2.8 - Unauthenticated Sensitive Information Exposure via 'email' Parameter

Published

2025-02-04

Title

WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto < 8.0.9 - Unauthenticated Sensitive Information Exposure