Skip to main content

Video Conferencing With Zoom EUVDEUVD-2026-20320

| CVE-2026-39653 MEDIUM
Missing Authorization (CWE-862)
2026-04-08 Patchstack GHSA-ww9f-25j7-gx7q
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Apr 15, 2026 - 12:42 vuln.today
CVSS changed
Apr 13, 2026 - 19:37 NVD
4.3 (MEDIUM)
EUVD ID Assigned
Apr 08, 2026 - 08:45 euvd
EUVD-2026-20320
CVE Published
Apr 08, 2026 - 08:30 nvd
N/A

DescriptionCVE.org

Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Conferencing with Zoom: from n/a through <= 4.6.6.

AnalysisAI

Missing authorization in Deepen Bajracharya's Video Conferencing with Zoom WordPress plugin through version 4.6.6 allows authenticated attackers to modify video conference data via broken access control. The plugin fails to properly validate whether users have permission to access or modify specific conference resources, enabling privilege escalation within the plugin's functionality. CVSS 4.3 reflects limited integrity impact; EPSS 0.02% (percentile 4%) suggests exploitation is unlikely in practice despite the authorization defect.

Technical ContextAI

The vulnerability stems from CWE-862 (Missing Authorization), a foundational access control weakness where the application fails to enforce authorization checks before allowing resource modification. In this WordPress plugin context, the issue manifests as incorrectly configured access control security levels in the Zoom API integration layer. The plugin likely processes authenticated user requests to modify conference settings without verifying that the requesting user owns or has explicit permission to access the target conference resource. This is distinct from authentication (proving identity) - the user is authenticated but the plugin does not check what resources they should be allowed to access.

RemediationAI

Update the Video Conferencing with Zoom plugin to a patched version released after 4.6.6. Administrators should navigate to WordPress Dashboard > Plugins > Installed Plugins, locate 'Video Conferencing with Zoom,' and apply the latest available update. If a patched version is not yet available, restrict plugin access to trusted administrator roles only via WordPress user role management, and review access control rules in the plugin settings to ensure only authorized users can modify conference resources. Reference the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/video-conferencing-with-zoom-api/vulnerability/wordpress-video-conferencing-with-zoom-plugin-4-6-6-broken-access-control-vulnerability?_s_id=cve for the latest patch status and detailed remediation guidance.

Share

EUVD-2026-20320 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy