Headline
CVE-2022-25614: WordPress eRoom plugin <= 1.3.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Sync with Zoom Meetings - Patchstack
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings.
eroom-zoom-meetings-webinar
Software
eRoom – Zoom Meetings & Webinar
Vulnerable Versions
<= 1.3.7
Fixed in version
1.3.8
CVE
CVE-2022-25614
References
Credits
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Disclosure Date
2022-04-11
CVSS 3.0 score
Are your websites subject to this vulnerability?
Details
Cross-Site Request Forgery (CSRF) vulnerability leading to Sync with Zoom Meetings discovered by Ex.Mi (Patchstack) in WordPress eRoom plugin (versions <= 1.3.7).
Solution
Update the WordPress eRoom plugin to the latest available version (at least 1.3.8).
Found a vulnerability that puts your sites at risk?
Found a vulnerability? Help us secure the web and join our community of ethical hackers.
Are you the developer of this software? Hire our researchers for a thorough security audit.