CVE-2025-11760
📋 TL;DR
The eRoom WordPress plugin exposes Zoom SDK secret keys in client-side JavaScript, allowing unauthenticated attackers to extract these credentials. This enables attackers to generate valid JWT signatures and gain unauthorized access to Zoom meetings. All WordPress sites using eRoom plugin versions up to 1.5.6 are affected.
💻 Affected Systems
- eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain unauthorized access to Zoom meetings, potentially joining sensitive meetings, recording sessions, or disrupting business operations.
Likely Case
Attackers extract Zoom SDK credentials and use them to create unauthorized meeting sessions or access scheduled meetings.
If Mitigated
With proper access controls and monitoring, impact is limited to credential exposure requiring rotation.
🎯 Exploit Status
Exploitation requires viewing page source or using browser developer tools to extract exposed credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.5.6
Restart Required: No
Instructions:
1. Update the eRoom plugin to the latest version via the WordPress admin panel.
2. Verify the update installed a version after 1.5.6.
3. Rotate Zoom SDK credentials immediately.
🔧 Temporary Workarounds
Disable Plugin
WordPress: Temporarily disable the eRoom plugin until patched
wp plugin deactivate eroom-zoom-meetings-webinar
🧯 If You Can't Patch
- Rotate Zoom SDK credentials immediately
- Implement WAF rules to block access to meeting view pages
🔍 How to Verify
Check if Vulnerable:
View page source of meeting pages and search for 'sdk_secret' in JavaScript
Check Version:
wp plugin get eroom-zoom-meetings-webinar --field=version
Verify Fix Applied:
After update, verify sdk_secret is no longer exposed in page source
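A defender-side check for the verification steps above, added here as an example that is not part of this advisory or of the eRoom plugin: it pulls the inline script blocks out of a saved meeting page and reports whether an sdk_secret value is present, assuming the secret appears as a JavaScript key or assignment named sdk_secret (the sample pages are constructed, not captured from a real site).

```python
import re
from html.parser import HTMLParser


class _ScriptCollector(HTMLParser):
    """Collect the body of every inline <script> block in the document."""

    def __init__(self):
        super().__init__()
        self._in_script = False
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data


# sdk_secret as a JS object key or assignment, capturing the quoted value.
_SECRET_RE = re.compile(r"""sdk_secret\s*[:=]\s*['"]([^'"]*)['"]""")


def find_exposed_sdk_secret(html):
    """Return one finding per sdk_secret value found in inline JavaScript.
    Only the secret's length is reported so the output can be shared safely."""
    collector = _ScriptCollector()
    collector.feed(html)
    findings = []
    for index, body in enumerate(collector.scripts):
        for match in _SECRET_RE.finditer(body):
            findings.append({"script_index": index, "secret_length": len(match.group(1))})
    return findings


# Constructed sample pages, not captured from any real site.
VULNERABLE_PAGE = '<html><body><p>Join</p><script>var eroom = {sdk_key: "abc", sdk_secret: "SUPERSECRET0001"};</script></body></html>'
PATCHED_PAGE = '<html><body><p>Join</p><script>var eroom = {sdk_key: "abc", meeting_id: "123"};</script></body></html>'

if __name__ == "__main__":
    print(find_exposed_sdk_secret(VULNERABLE_PAGE))  # [{'script_index': 0, 'secret_length': 15}]
    print(find_exposed_sdk_secret(PATCHED_PAGE))     # []
```

Feed it the HTML of your own site's meeting view page (for example saved with curl or from the browser) before and after updating; an empty result after the update confirms the secret is no longer shipped to clients.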
📡 Detection & Monitoring
Log Indicators:
- Unusual access to meeting view pages
- Multiple failed Zoom API calls
Network Indicators:
- Unusual Zoom API requests from unexpected sources
SIEM Query:
source="wordpress" AND (uri="/meeting-view" OR user_agent CONTAINS "curl")
🔗 References
- https://plugins.trac.wordpress.org/browser/eroom-zoom-meetings-webinar/tags/1.5.6/templates/single/meeting_view.php#L173
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3379064%40eroom-zoom-meetings-webinar%2Ftrunk&old=3375935%40eroom-zoom-meetings-webinar%2Ftrunk&sfp_email=&sfph_mail=#file4
- https://www.wordfence.com/threat-intel/vulnerabilities/id/0baaa6b7-3884-465e-bae3-46edab6312d4?source=cve