SB2023072829 - Information disclosure in Video Conferencing with Zoom plugin for WordPress
Published: July 28, 2023
Description
This security bulletin contains information about 1 vulnerability.
1) Use of Hard-coded Cryptographic Key (CVE-ID: CVE-2023-3947)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a hard-coded encryption key in the "vczapi_encrypt_decrypt" function. A remote attacker can gain unauthorized access to sensitive information on the system.
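The following PHP sketch is an added example, not code from the plugin or the vendor's fix. It contrasts a key derived from a source constant with a key generated once per install and used with authenticated encryption. All names, the constant value and the key file paths are hypothetical, and PHP's bundled sodium extension is assumed.

```php
<?php
declare(strict_types=1);

// WEAK (constructed illustration of the flaw class, not the plugin's code):
// the key comes from a constant in the source, so it is identical on every
// install and known to anyone who can read the plugin files.
const SHIPPED_KEY = 'constructed-example-constant';
function shipped_key(): string {
    return hash('sha256', SHIPPED_KEY, true); // 32 raw bytes
}

// HARDENED: a random key generated once per install and stored outside the
// code base (keep the file outside the web root).
function load_site_key(string $keyFile): string {
    if (!is_file($keyFile)) {
        $key = sodium_crypto_secretbox_keygen();
        $old = umask(0077); // create the file readable by its owner only
        file_put_contents($keyFile, sodium_bin2hex($key), LOCK_EX);
        umask($old);
        return $key;
    }
    $key = sodium_hex2bin(trim((string) file_get_contents($keyFile)));
    if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('site key file is malformed');
    }
    return $key;
}

// Authenticated encryption with a fresh random nonce per message.
function seal(string $plain, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

// Returns null for malformed, tampered, or wrong-key input.
function open_sealed(string $token, string $key): ?string {
    $raw = base64_decode($token, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    return $plain === false ? null : $plain;
}

$a = load_site_key(sys_get_temp_dir() . '/example-site-a.key'); // hypothetical paths
$b = load_site_key(sys_get_temp_dir() . '/example-site-b.key');
var_dump(open_sealed(seal('value', shipped_key()), shipped_key())); // shared key opens anywhere
var_dump(open_sealed(seal('value', $a), $b));                       // per-install key does not
```

Values sealed under an old shared key should be re-encrypted under the per-install key after upgrading, since the old key must be treated as public.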
Remediation
Install the update from the vendor's website.
References
- https://plugins.trac.wordpress.org/browser/video-conferencing-with-zoom-api/trunk/includes/Helpers/Encryption.php?rev=2942302
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ba2515d9-ced0-4b49-87c4-04c8391c2608?source=cve
- https://plugins.trac.wordpress.org/browser/video-conferencing-with-zoom-api/tags/4.2.1/includes/helpers.php#L546