CVE-2026-39653
Description
Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Video Conferencing with Zoom: from n/a through <= 4.6.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Video Conferencing with Zoom plugin for WordPress <=4.6.6 has missing authorization, allowing low-privileged attackers to exploit incorrectly configured access controls.
The Video Conferencing with Zoom plugin for WordPress, versions 4.6.6 and earlier, suffers from a missing authorization vulnerability. According to Patchstack, the issue allows exploitation of incorrectly configured access control security levels, specifically a missing authorization or nonce token check in a function [1].
An attacker with unprivileged access can exploit this flaw to execute higher-privileged actions. The vulnerability does not require authentication for exploitation; it can be triggered by any user who can interact with the plugin’s functionality [1].
The impact includes unauthorized access to sensitive features or data, potentially leading to further compromise of the WordPress site. While the vulnerability is rated as low severity with CVSS 4.3, Patchstack notes that such flaws are often used in mass exploit campaigns targeting thousands of sites [1].
Users are strongly advised to update the plugin to version 4.6.7 or later, which addresses the vulnerability. Patchstack recommends enabling auto-updates for vulnerable plugins to ensure timely protection [1].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=4.6.6
Patches
No patches discovered yet.
References