WP-Safety

eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams Security & Risk Analysis

wordpress.org/plugins/eroom-zoom-meetings-webinar

eRoom is the best WordPress Zoom Meeting and Webinar Plugin. eRoom Zoom WordPress plugin enables integration with Zoom, Google Meet, Microsoft Teams.

10K active installs v1.6.5 PHP 7.4+ WP 5.8+ Updated Mar 5, 2026
google-meetmicrosoft-teamsvideo-conferencewebinarzoom
92
A · Safe
CVEs total7
Unpatched0
Last CVENov 26, 2025
Plugin page Download
Safety Verdict

Is eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams Safe to Use in 2026?

Generally Safe

Score 92/100

eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEsLast CVE: Nov 26, 2025Updated 29d ago
Risk Assessment

The eRoom Zoom Meetings Webinar plugin v1.6.5 presents a mixed security posture. While it demonstrates good practices in output escaping (97%) and uses prepared statements for a majority of its SQL queries (60%), several concerning areas exist. The static analysis reveals a significant attack surface with 15 AJAX handlers, 5 of which lack proper authentication checks. This directly exposes functionality to unauthorized users. Furthermore, the presence of the `unserialize` function is a known risk vector, especially if user-controlled data is passed to it without careful sanitization, though the taint analysis currently shows no critical or high severity flows. The vulnerability history is a significant concern, with 7 known CVEs, including one high severity and six medium severity vulnerabilities. While there are currently no unpatched CVEs, the recurring pattern of 'Exposure of Sensitive Information to an Unauthorized Actor', 'Missing Authorization', and 'Cross-Site Request Forgery' suggests systemic weaknesses in authorization and input validation, even if recent versions have addressed these. The last vulnerability being as recent as November 2025 (assuming a typo and it refers to the past) further underscores the need for vigilance. The plugin has strengths in its output sanitization, but the unprotected AJAX endpoints and the historical vulnerability patterns warrant a cautious approach.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • Vulnerability history: 1 high severity CVE
  • Vulnerability history: 6 medium severity CVEs
  • High percentage of SQL queries without prepared statements (40%)
Vulnerabilities
7

eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams Security Vulnerabilities

CVEs by Year

3 CVEs in 2022
2022
1 CVE in 2023
2023
1 CVE in 2024
2024
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
6

7 total CVEs

CVE-2025-49919high · 7.5Exposure of Sensitive Information to an Unauthorized Actor

eRoom <= 1.5.6 - Unauthenticated Information Exposure

Nov 26, 2025 Patched in 1.5.7 (24d)
CVE-2025-11760medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams <= 1.5.6 - Unauthenticated Sensitive Information Exposure

Oct 24, 2025 Patched in 1.5.7 (1d)
CVE-2024-3275medium · 4.3Missing Authorization

eRoom – Zoom Meetings & Webinar <= 1.4.18 - Missing Authorization to Information Exposure

Apr 12, 2024 Patched in 1.4.19 (21d)
CVE-2022-43472medium · 5.3Missing Authorization

eRoom – Zoom Meetings & Webinar <= 1.4.6 - Missing Authorization via stm_wpcfto_get_settings_callback

Mar 22, 2023 Patched in 1.4.7 (307d)
CVE-2022-25615medium · 4.3Cross-Site Request Forgery (CSRF)

eRoom – Zoom Meetings & Webinar <= 1.3.8 - Cross-Site Request Forgery

Apr 11, 2022 Patched in 1.3.9 (651d)
CVE-2022-25614medium · 4.3Cross-Site Request Forgery (CSRF)

eRoom – Zoom Meetings & Webinar <= 1.3.7 - Cross-Site Request Forgery

Apr 11, 2022 Patched in 1.3.8 (651d)
WF-89a23d5a-7728-403e-b654-595d92c20b66-eroom-zoom-meetings-webinarmedium · 5.4Missing Authorization

eRoom – Zoom Meetings & Webinar <= 1.3.7 - Unauthorized Setting Update

Apr 6, 2022 Patched in 1.3.8 (657d)
Code Analysis
Analyzed Mar 16, 2026

eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams Code Analysis

Dangerous Functions
2
Raw SQL Queries
4
6 prepared
Unescaped Output
36
1006 escaped
Nonce Checks
15
Capability Checks
7
File Operations
14
External Requests
3
Bundled Libraries
2

Dangerous Functions Found

unserialize$value = unserialize( $value );nuxy\helpers\helpers.php:113
unserialize$value = unserialize( $value ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_unsenuxy\metaboxes\metabox.php:230

Bundled Libraries

Freemius1.0Guzzle

SQL Query Safety

60% prepared10 total queries

Output Escaping

97% escaped1042 total outputs
Data Flows
All sanitized

Data Flow Analysis

6 flows
get_fields (nuxy\metaboxes\metabox.php:61)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams Attack Surface

Entry Points18
Unprotected5

AJAX Handlers 15

noprivwp_ajax_stm_zoom_migration_actionincludes\migration\migration.php:12
authwp_ajax_stm_zoom_migration_actionincludes\migration\migration.php:13
authwp_ajax_eroom_notice_dismissedincludes\notice\NoticeBase.php:18
authwp_ajax_wpcfto_upload_filenuxy\helpers\file_upload.php:7
authwp_ajax_stm_wpcfto_get_settingsnuxy\helpers\helpers.php:55
authwp_ajax_wpcfto_get_image_urlnuxy\helpers\helpers.php:146
authwp_ajax_wpcfto_search_postsnuxy\metaboxes\metabox.php:20
authwp_ajax_wpcfto_save_settingsnuxy\settings\settings.php:18
authwp_ajax_wpcfto_create_termnuxy\settings\settings.php:19
authwp_ajax_wpcfto_regenerate_fontsnuxy\settings\settings.php:20
authwp_ajax_stm_zoom_ajax_add_feedbackzoom-conference\StmZoomAdminNotices.php:11
authwp_ajax_stm_zoom_sync_meetings_webinarszoom-conference\StmZoomPostTypes.php:35
authwp_ajax_stm_zoom_delete_from_apizoom-conference\StmZoomPostTypes.php:37
authwp_ajax_stm_zoom_meeting_signzoom-conference\StmZoomPostTypes.php:45
noprivwp_ajax_stm_zoom_meeting_signzoom-conference\StmZoomPostTypes.php:47

Shortcodes 3

[stm_zoom_conference] zoom-conference\StmZoom.php:15
[stm_zoom_webinar] zoom-conference\StmZoom.php:16
[stm_zoom_conference_grid] zoom-conference\StmZoom.php:17
WordPress Hooks 69
actionelementor/widgets/registerelementor\StmZoomElementor.php:42
filterstm_wpcfto_fieldsgoogle-meet\StmERoomGoogleMeet.php:10
filterstm_zoom_settings_fieldsgoogle-meet\StmERoomGoogleMeet.php:11
actionadmin_enqueue_scriptsincludes\item-announcements.php:3
actionall_admin_noticesincludes\item-announcements.php:16
actionadmin_enqueue_scriptsincludes\migration\migration.php:15
actionadmin_footerincludes\migration\migration.php:16
actionadmin_initincludes\notice\CampaignNoticeHandler.php:15
actionadmin_initincludes\notice\CampaignNoticeHandler.php:16
filtereroom_all_noticesincludes\notice\CampaignNoticeHandler.php:121
actionadmin_noticesincludes\notice\NoticeBase.php:17
actionadmin_initincludes\notice\NoticeHandler.php:30
actionadmin_initincludes\notice\NoticeHandler.php:31
filtereroom_all_noticesincludes\notice\NoticeHandler.php:33
actionwp_headnuxy\helpers\helpers.php:25
actionadmin_headnuxy\helpers\helpers.php:26
actionadmin_headnuxy\helpers\helpers.php:52
actionwp_headnuxy\helpers\helpers.php:53
actionadd_meta_boxesnuxy\metaboxes\metabox.php:14
actionadmin_enqueue_scriptsnuxy\metaboxes\metabox.php:16
actionsave_postnuxy\metaboxes\metabox.php:18
filtersafe_style_cssnuxy\metaboxes\metabox.php:22
actionadmin_initnuxy\metaboxes\metabox.php:24
actionplugins_loadednuxy\NUXY.php:15
filterwpcfto_versionsnuxy\NUXY.php:57
actionadmin_menunuxy\settings\settings.php:17
filterwpcfto_enable_regenerate_fontsnuxy\settings\settings.php:21
filterwpcfto_field_fonts_download_settingsnuxy\settings\settings.php:22
actionadmin_bar_menunuxy\settings\settings.php:25
actionwp_headnuxy\settings\settings.php:26
actionadmin_headnuxy\settings\settings.php:27
actioninitnuxy\settings\settings.php:328
actionadmin_enqueue_scriptsnuxy\taxonomy_meta\enqueue.php:14
actionadmin_initnuxy\taxonomy_meta\metaboxes.php:24
actionvc_after_initvc\main.php:2
actioninitzoom-conference\PostTypeCapabilities.php:54
actionwp_enqueue_scriptszoom-conference\StmZoom.php:13
actionwp_headzoom-conference\StmZoom.php:14
filtertemplate_includezoom-conference\StmZoom.php:18
filterposts_wherezoom-conference\StmZoom.php:317
filterposts_joinzoom-conference\StmZoom.php:318
actionadmin_menuzoom-conference\StmZoomAdminMenus.php:9
filterstm_wpcfto_autocomplete_stm_alternative_hostszoom-conference\StmZoomAdminMenus.php:21
actionadmin_enqueue_scriptszoom-conference\StmZoomAdminMenus.php:31
actionadmin_headzoom-conference\StmZoomAdminMenus.php:33
actionadmin_head-edit.phpzoom-conference\StmZoomAdminMenus.php:37
actionwpcfto_settings_savedzoom-conference\StmZoomAdminMenus.php:38
actionadmin_noticeszoom-conference\StmZoomAdminMenus.php:39
filterwpcfto_options_page_setupzoom-conference\StmZoomAdminMenus.php:125
actionadmin_noticeszoom-conference\StmZoomAdminNotices.php:9
actionstm_zoom_after_create_meetingzoom-conference\StmZoomAdminNotices.php:13
actionstm_admin_notice_rate_eroom-zoom-meetings-webinar_singlezoom-conference\StmZoomAdminNotices.php:15
actioninitzoom-conference\StmZoomPostTypes.php:9
filtermanage_stm-zoom_posts_columnszoom-conference\StmZoomPostTypes.php:13
filtermanage_stm-zoom-webinar_posts_columnszoom-conference\StmZoomPostTypes.php:14
actionmanage_stm-zoom_posts_custom_columnzoom-conference\StmZoomPostTypes.php:15
actionmanage_stm-zoom-webinar_posts_custom_columnzoom-conference\StmZoomPostTypes.php:16
actioninitzoom-conference\StmZoomPostTypes.php:18
filterstm_wpcfto_fieldszoom-conference\StmZoomPostTypes.php:21
actionadmin_noticeszoom-conference\StmZoomPostTypes.php:26
actionadd_meta_boxeszoom-conference\StmZoomPostTypes.php:29
actionsave_postzoom-conference\StmZoomPostTypes.php:31
actionbefore_delete_postzoom-conference\StmZoomPostTypes.php:33
actionbookit_appointment_status_changedzoom-conference\StmZoomPostTypes.php:39
actionbookit_appointment_updatedzoom-conference\StmZoomPostTypes.php:41
actionsave_postzoom-conference\StmZoomPostTypes.php:43
filterstm_wpcfto_boxeszoom-conference\StmZoomPostTypes.php:368
filterstm_wpcfto_fieldszoom-conference\StmZoomPostTypes.php:389
actionsave_postzoom-conference\StmZoomPostTypes.php:867
Maintenance & Trust

eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 5, 2026
PHP min version7.4
Downloads668K

Community Trust

Rating82/100
Number of ratings68
Active installs10K
Alternatives

eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams Alternatives

MeetingHub for Zoom Meeting, Google Meet, Jitsi Meet, Webex, & Microsoft Teams | The All-in-One Webinar & Video Conference Solution

MeetingHub for Zoom Meeting, Google Meet, Jitsi Meet, Webex, & Microsoft Teams | The All-in-One Webinar & Video Conference Solution

meetinghub

A
98

Meeting plugin to create instant webinars and meetings with Zoom Meeting, Google Meet, Jitsi Meet, Webex, & Microsoft Teams.

500 2 CVEs
Video Conferencing with Zoom

Video Conferencing with Zoom

video-conferencing-with-zoom-api

A
95

Gives you the power to manage Zoom Meetings, Zoom Webinars, Recordings, Reports and create users directly from your WordPress dashboard.

20K 9 CVEs
ZooMeet – Zoom Meeting & Webinar Integration | Dedicated Zoom Video Conference Solution for WordPress

ZooMeet – Zoom Meeting & Webinar Integration | Dedicated Zoom Video Conference Solution for WordPress

zoomeet

A
100

Easily create instant webinars and meetings with Zoom integration for WordPress. Manage Zoom Meetings, Webinars, Recordings, and Users directly from y &hellip;

0 No CVEs
FlexMeeting – Webinar & Meeting Plugin for Jitsi Meet

FlexMeeting – Webinar & Meeting Plugin for Jitsi Meet

webinar-and-video-conference-with-jitsi-meet

A
99

Host webinars and video conferences directly on your site. Add branded Jitsi-based meetings and live sessions easily.

1K 2 CVEs
WebinarPress – Webinar System for WordPress

WebinarPress – Webinar System for WordPress

wp-webinarsystem

D
32

Supercharge your website with our powerful webinar plugin! Host engaging live webinars and run automated evergreen webinars effortlessly.

1K 5 unpatched
Developer Profile

eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams Developer Profile

WPCenter

2 plugins · 20K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
233 days
View full developer profile
Detection Fingerprints

How We Detect eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/eroom-zoom-meetings-webinar/assets/css/admin/migration.css/wp-content/plugins/eroom-zoom-meetings-webinar/assets/js/admin/migration.js
Script Paths
https://stylemixthemes.com/item-announcements/js/app.js
Version Parameters
eroom-zoom-meetings-webinar/style.css?ver=stm-zoom-migration?ver=stm-zoom-migration?ver=

HTML / DOM Fingerprints

CSS Classes
stm-item-announcements-notice
Data Attributes
data-mount="stm-item-announcements-notice"data-slug="eroom-zoom-meetings-webinar"
JS Globals
stmItemAnnouncementsstm_zoom_migration_demo_ajax_variable
FAQ

Frequently Asked Questions about eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams