Information Exposure Vulnerability in eRoom - Webinar & Meeting Plugin for WordPress
CVE-2025-11760

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Eroom – Webinar & Meeting Plugin For Zoom, Google Meet, Microsoft Teams
Vendor: CVE Published:; 25 October 2025

What is CVE-2025-11760?

The eRoom - Webinar & Meeting Plugin for WordPress, which integrates with Zoom, Google Meet, and Microsoft Teams, is susceptible to a serious information exposure issue. This vulnerability allows unauthenticated users to access sensitive SDK secrets stored in JavaScript on the client side. Specifically, the plugin inadvertently reveals Zoom SDK secret keys in the meeting view template, enabling attackers to obtain the sdk_secret value. This breach can lead to the unauthorized generation of valid JWT signatures, granting access to secured meetings and compromising the integrity of the Zoom integration.

Affected Version(s)

eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams * <= 1.5.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/eroom-zoom-mee...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2025
Vulnerability Reserved
Oct 14, 2025

Credit

Rafshanzani Suhada

JSON