Skip to main content

Goodmeet Google Meet Integration For Webinar Meeting Video Conference

1 CVEs product

Monthly

CVE-2026-6440 MEDIUM This Month

Cross-Site Request Forgery in the GoodMeet WordPress plugin (versions up to and including 1.1.8) enables unauthenticated remote attackers to wipe a site's stored Google Meet API credentials and OAuth tokens by deceiving a logged-in administrator into triggering a crafted request. The vulnerable reset_credential() function handling the wp_ajax_goodmeet_reset_google_meet_credential AJAX action checks the manage_options capability but omits mandatory WordPress nonce validation, allowing any cross-origin request to be processed as legitimate. The practical outcome is complete disabling of the site's Google Meet integration with no data disclosure; no public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog.

WordPress CSRF Google Goodmeet Google Meet Integration For Webinar Meeting Video Conference
NVD
CVSS 3.1
4.3
EPSS
0.2%
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery in the GoodMeet WordPress plugin (versions up to and including 1.1.8) enables unauthenticated remote attackers to wipe a site's stored Google Meet API credentials and OAuth tokens by deceiving a logged-in administrator into triggering a crafted request. The vulnerable reset_credential() function handling the wp_ajax_goodmeet_reset_google_meet_credential AJAX action checks the manage_options capability but omits mandatory WordPress nonce validation, allowing any cross-origin request to be processed as legitimate. The practical outcome is complete disabling of the site's Google Meet integration with no data disclosure; no public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog.

WordPress CSRF Google +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy