VYPR

Zoomsounds

by WordPress

CVEs (3)

  • CVE-2021-4449CriOct 16, 2024
    risk 0.70cvss 9.8epss 0.05

    The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's…

  • CVE-2021-39316Aug 31, 2021
    risk 0.10cvss epss 0.67

    The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.

  • CVE-2024-13777Mar 5, 2025
    risk 0.00cvss epss 0.01

    The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for unauthenticated…