eRoom – Zoom Meetings & Webinar by StylemixThemes

eRoom – Zoom Meetings & Webinar by StylemixThemes <= 1.4.6 - Subscriber+ Sensitive Data Disclosure

LANACOMMONVDB ID: 76214a26-aed5-4c21-a5c0-386ab261009a

The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check in the stm_wpcfto_get_settings AJAX action, which could allow any authenticated users to call it and retrieve meeting's data.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/eroom-zoom-meetings-webinar/

CVE: CVE-2022-43472

Attributes

Catgory: WordPress Plugin

Discovered: 2022-10-25

Published: 2023-03-22

Affected Version: <= 1.4.6

Classification

Type: Cross-Site Request Forgery (CSRF), Missing Authorization, Sensitive Data Disclosure

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).