CVE-2025-11760

Published: Oct 25, 2025

Modified: Apr 8, 2026

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting view template. This makes it possible for unauthenticated attackers to extract the sdk_secret value, which should remain server-side, compromising the security of the Zoom integration and allowing attackers to generate valid JWT signatures for unauthorized meeting access.

Vendor	Product	Versions
digitalmeactivecampaign	eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams	affected `0 - <= 1.5.6`

Weaknesses (CWE)

CWE-200

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/0baaa6b7-3884-465e-bae3-46edab6312d4?source=cve

https://plugins.trac.wordpress.org/browser/eroom-zoom-meetings-webinar/tags/1.5.6/templates/single/meeting_view.php#L173

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3379064%40eroom-zoom-meetings-webinar%2Ftrunk&old=3375935%40eroom-zoom-meetings-webinar%2Ftrunk&sfp_email=&sfph_mail=#file4

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-11760

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References