VYPR

Zoomsounds

by Digitalzoomstudio

Source repositories

CVEs (4)

  • CVE-2021-4449CriOct 16, 2024
    risk 0.70cvss 9.8epss 0.05

    The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's…

  • CVE-2025-47568CriMay 23, 2025
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection.This issue affects ZoomSounds: from n/a through <= 6.91.

  • CVE-2025-47566HigDec 31, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomSounds allows Reflected XSS.This issue affects ZoomSounds: from n/a through 6.91.

  • CVE-2021-4457Jun 25, 2025
    risk 0.00cvss epss 0.00

    The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.