Cyber Resilience

CVE-2026-1368

Severity: High
Published: 18 February 2026
Modified: 15 April 2026
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.3292 (97.0th percentile)
Risk Priority: 35 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-1368 is a high-severity Improper Authentication (CWE-287) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 3.0% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

The Video Conferencing with Zoom WordPress plugin before version 4.6.6 is affected by CVE-2026-1368, a vulnerability in an AJAX handler whose nonce verification has been commented out. This corresponds to CWE-287 and carries a CVSS 3.1 score of 7.5, reflecting network-accessible exploitation with no required authentication or user interaction that results in high confidentiality impact.

Unauthenticated remote attackers can invoke the handler to obtain valid Zoom SDK signatures for arbitrary meeting identifiers and to extract the site's Zoom SDK key, thereby gaining access to meeting resources that would otherwise be restricted.

The referenced WPScan advisory at https://wpscan.com/vulnerability/218e6655-c5aa-4bce-86b2-cad3bb20020c/ documents the flaw and indicates that the issue is resolved in plugin version 4.6.6 and later. The associated EPSS score has remained at 0.3292 with no material increase observed.


Vulnerability details

The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.
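As an added illustration (not the plugin's own code), the handler pattern described in the analysis and in the details above, beside a hardened form built on the WordPress nonce and capability APIs. The function, action and option names (example_...) and the per-meeting authorization helper are hypothetical, and the signature helper is a simplified HMAC stand-in rather than Zoom's real SDK signature scheme.

```php
<?php
// Simplified stand-in for the SDK signature routine (assumption: not Zoom's real scheme).
function example_build_sdk_signature( $meeting_id ) {
    $sdk_secret = (string) get_option( 'example_zoom_sdk_secret' );
    return hash_hmac( 'sha256', $meeting_id . '|' . time(), $sdk_secret );
}

// Vulnerable pattern (shown for contrast, deliberately NOT hooked below):
// the nonce check is commented out and the SDK key is returned to the caller.
// If this were registered on wp_ajax_nopriv_, any visitor could reach it.
function example_sdk_signature_vulnerable() {
    // check_ajax_referer( 'example_sdk_signature', 'nonce' );   <- the defect: verification disabled
    $meeting_id = isset( $_POST['meeting_id'] ) ? sanitize_text_field( wp_unslash( $_POST['meeting_id'] ) ) : '';
    wp_send_json_success( array(
        'sdk_key'   => get_option( 'example_zoom_sdk_key' ),     // secret leaks to anyone
        'signature' => example_build_sdk_signature( $meeting_id ),
    ) );
}

// Hardened form: nonce verified (check_ajax_referer terminates the request on
// failure), caller authenticated and authorized (AC-3), input validated (SI-10),
// and the SDK key never leaves the server. No wp_ajax_nopriv_ registration.
function example_sdk_signature_hardened() {
    check_ajax_referer( 'example_sdk_signature', 'nonce' );

    if ( ! is_user_logged_in() || ! current_user_can( 'read' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $meeting_id = isset( $_POST['meeting_id'] ) ? sanitize_text_field( wp_unslash( $_POST['meeting_id'] ) ) : '';
    if ( ! preg_match( '/^\d+$/', $meeting_id ) ) {              // meeting IDs are numeric
        wp_send_json_error( 'invalid meeting id', 400 );
    }

    // Hypothetical per-meeting authorization helper: does this user belong to this meeting?
    if ( ! function_exists( 'example_user_may_join' ) || ! example_user_may_join( get_current_user_id(), $meeting_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    wp_send_json_success( array( 'signature' => example_build_sdk_signature( $meeting_id ) ) );
}
add_action( 'wp_ajax_example_sdk_signature', 'example_sdk_signature_hardened' );
```

A quick audit check for this class of defect is to grep a plugin for `wp_ajax_nopriv_` registrations and confirm each handler still reaches a live `check_ajax_referer()` or `wp_verify_nonce()` call and a capability check before touching secrets.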


Related Threats

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1552 Unsecured Credentials (Credential Access): Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

Missing nonce verification in a public AJAX endpoint directly enables unauthenticated exploitation of a web-facing application (T1190) and retrieval of sensitive SDK credentials (T1552).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2025-71279 (shared CWE-287)
- CVE-2024-13804 (shared CWE-287)
- CVE-2024-57046 (shared CWE-287)
- CVE-2026-1203 (shared CWE-287)
- CVE-2026-1740 (shared CWE-287)
- CVE-2025-43995 (shared CWE-287)
- CVE-2026-7876 (shared CWE-287)
- CVE-2025-0637 (shared CWE-287)
- CVE-2025-61882 (shared CWE-287)
- CVE-2026-0589 (shared CWE-287)


Mitigating Controls (NIST 800-53 r5)

- prevent, SI-2 (Flaw Remediation): Requires timely identification, reporting, and correction of flaws like the missing nonce verification in the plugin, directly enabling patching to version 4.6.6.
- prevent, SI-10 (Information Input Validation): Mandates validation of inputs such as nonces on the AJAX handler, preventing unauthenticated attackers from generating valid signatures or retrieving the SDK key.
- prevent, AC-3 (Access Enforcement): Enforces approved authorizations on AJAX endpoints to block unauthenticated access to sensitive functions like Zoom SDK signature generation.
