{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39653", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-04-07T10:57:53.260Z", "datePublished": "2026-04-08T08:30:35.685Z", "dateUpdated": "2026-04-08T08:30:35.685Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "video-conferencing-with-zoom-api", "product": "Video Conferencing with Zoom", "vendor": "Deepen Bajracharya", "versions": [{"lessThanOrEqual": "4.6.6", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-08T10:28:39.780Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Video Conferencing with Zoom: from n/a through <= 4.6.6.</p>"}], "value": "Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Conferencing with Zoom: from n/a through <= 4.6.6."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-08T08:30:35.685Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/video-conferencing-with-zoom-api/vulnerability/wordpress-video-conferencing-with-zoom-plugin-4-6-6-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Video Conferencing with Zoom plugin <= 4.6.6 - Broken Access Control vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Conferencing with Zoom: from n/a through <= 4.6.6."}], "id": "CVE-2026-39653", "lastModified": "2026-04-08T09:16:36.457", "metrics": {}, "published": "2026-04-08T09:16:36.457", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/video-conferencing-with-zoom-api/vulnerability/wordpress-video-conferencing-with-zoom-plugin-4-6-6-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-08T10:05:04.315332+00:00", "value": {"mitigation_remediation": ["Update the WordPress plugin Video Conferencing with Zoom to the latest version (at least 4.6.7) which addresses the missing authorization issue.", "Verify that plugin settings enforce proper access controls and that only authorized roles can access sensitive functions.", "If an update is not immediately possible, restrict the plugin\u2019s usage to administrator accounts or temporarily disable it.", "Monitor user activity for any signs of privilege escalation within the plugin."], "summary": {"action": "Apply Patch", "impact": "Missing Authorization"}, "threat_synthesis": {"affected_systems": "WordPress sites running the Video Conferencing with Zoom plugin by Deepen Bajracharya are affected. Versions from the initial release through 4.6.6 are vulnerable. Site administrators should verify which version of the plugin is installed and take remedial action if it is 4.6.6 or older.", "description_and_impact": "Missing Authorization in the WordPress Video Conferencing with Zoom plugin allows attackers to exploit incorrectly configured access control levels. The flaw, identified as CWE-862, removes the necessary checks that should restrict certain features to authorized users. As a result, an attacker can potentially invoke privileged functions, gain access to sensitive information, and alter or delete data that should be protected, leading to confidentiality, integrity, or availability compromises.", "risk_and_exploitability": "The vulnerability carries a high potential impact due to the loss of authorization controls. No CVSS score or EPSS data is publicly available, but the missing authorization flaw is generally considered high severity. Exploitation could be carried out remotely by any user who can interact with the plugin\u2019s interface, potentially requiring no special privileges. The risk remains elevated until a patch is applied or the plugin is otherwise secured."}}}}, "created": "2026-04-08T19:41:22.673167+00:00", "updated": "2026-04-08T19:41:22.673203+00:00", "vendors": []}