Description

The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting view template. This makes it possible for unauthenticated attackers to extract the sdk_secret value, which should remain server-side, compromising the security of the Zoom integration and allowing attackers to generate valid JWT signatures for unauthorized meeting access.

INFO

Published Date :

2025-10-25T01:45:55.977Z

Last Modified :

2026-04-08T16:34:54.332Z

Source :

Wordfence
AFFECTED PRODUCTS

The following products are affected by CVE-2025-11760 vulnerability.

Vendors Products
Wordpress
  • Wordpress
Wpcenter
  • Eroom
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-11760.

URL Resource
https://plugins.trac.wordpress.org/browser/eroom-zoom-meetings-webinar/tags/1.5.6/templates/single/meeting_view.php#L173 cve-icon cve-icon
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3379064%40eroom-zoom-meetings-webinar%2Ftrunk&old=3375935%40eroom-zoom-meetings-webinar%2Ftrunk&sfp_email=&sfph_mail=#file4 cve-icon cve-icon
https://www.wordfence.com/threat-intel/vulnerabilities/id/0baaa6b7-3884-465e-bae3-46edab6312d4?source=cve cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact