Cross-Site Request Forgery Vulnerability in GoodMeet Plugin for WordPress
CVE-2026-6440
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 10 July 2026
What is CVE-2026-6440?
The GoodMeet plugin for WordPress, which enables Google Meet integration for webinars and video conferences, contains a vulnerability that exposes it to Cross-Site Request Forgery (CSRF) attacks. In versions up to 1.1.8, the absence of nonce verification in the reset_credential() function allows unauthenticated attackers to trick administrators into executing malicious actions. Specifically, an attacker could reset critical Google Meet API credentials and OAuth tokens, disabling the integration through social engineering tactics. This highlights the importance of nonce validation in AJAX functions to safeguard against unauthorized actions.
Affected Version(s)
GoodMeet β Google Meet Integration for Webinar, Meeting & Video Conference 0 <= 1.1.8