Video Conferencing With Zoom
CVE-2023-3947
LOW
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meeting id and password.
AnalysisAI
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
Technical ContextAI
This vulnerability is classified under CWE-321. The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meeting id and password. Affected products include: Imdpen Video Conferencing With Zoom.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Video Conferencing With Zoom
View allThe Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users A
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zoo
Unauthenticated access to Zoom SDK credentials is possible in the Video Conferencing with Zoom WordPress plugin (version
Missing authorization in Deepen Bajracharya's Video Conferencing with Zoom WordPress plugin through version 4.6.6 allows
Same weakness CWE-321 – Use of Hard-coded Cryptographic Key
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today