CVE-2023-3947

Summary

CVE-2023-3947 is a vulnerability affecting the Video Conferencing with Zoom plugin for WordPress. This issue allows unauthenticated attackers to decrypt and view sensitive information, including meeting IDs and passwords, due to a hardcoded encryption key in the 'vczapi_encrypt_decrypt' function, which is present in versions up to 4.2.1. The hardcoded key enables unauthorized access to this information, posing a significant risk for data breaches and unauthorized entry into Zoom meetings. To mitigate this issue, it is recommended that affected users immediately update their plugin to a version that addresses this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.