Podatność CVE-2023-3947
Publikacja: 2023-07-26

Opis:
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meeting id and password.

Typ:

CWE-321

 (Use of Hard-coded Cryptographic Key)

 Referencje:
https://plugins.trac.wordpress.org/browser/video-conferencing-with-zoom-api/trunk/includes/Helpers/Encryption.php?rev=2942302
https://www.wordfence.com/threat-intel/vulnerabilities/id/ba2515d9-ced0-4b49-87c4-04c8391c2608?source=cve
https://plugins.trac.wordpress.org/browser/video-conferencing-with-zoom-api/tags/4.2.1/includes/helpers.php#L546
Copyright 2024, cxsecurity.com

 

Back to Top