Eroom
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49919 | Med | 0.38 | 5.8 | 0.00 | Dec 18, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through <= 1.5.6. | ||
| CVE-2022-43472 | Med | 0.28 | 4.3 | 0.01 | Dec 13, 2024 | Missing Authorization vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eRoom – Zoom Meetings & Webinar: from n/a through 1.4.6. | ||
| CVE-2024-3275 | Med | 0.28 | 4.3 | 0.01 | May 2, 2024 | The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the search_posts function. This makes it possible for authenticated attackers, with subscriber access and higher, to… | ||
| CVE-2022-25614 | 0.00 | — | 0.00 | Apr 11, 2022 | Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings. | |||
| CVE-2022-25615 | 0.00 | — | 0.00 | Apr 11, 2022 | Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion. | |||
| CVE-2005-2185 | 0.00 | — | 0.01 | Jul 11, 2005 | eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks. | |||
| CVE-2005-2184 | 0.00 | — | 0.02 | Jul 11, 2005 | eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file. |
- risk 0.38cvss 5.8epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through <= 1.5.6.
- risk 0.28cvss 4.3epss 0.01
Missing Authorization vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eRoom – Zoom Meetings & Webinar: from n/a through 1.4.6.
- risk 0.28cvss 4.3epss 0.01
The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the search_posts function. This makes it possible for authenticated attackers, with subscriber access and higher, to…
- CVE-2022-25614Apr 11, 2022risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings.
- CVE-2022-25615Apr 11, 2022risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion.
- CVE-2005-2185Jul 11, 2005risk 0.00cvss —epss 0.01
eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks.
- CVE-2005-2184Jul 11, 2005risk 0.00cvss —epss 0.02
eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file.