CVE-2026-1368 – Video Conferencing with Zoom API < 4.6.6 – Unauthenticated SDK Signature Generation

CVE ID : CVE-2026-1368

Published : Feb. 18, 2026, 6:16 a.m. | 43 minutes ago

Description : The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site’s Zoom SDK key.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…