Digitalzoomstudio
Products
7- 8 CVEs
- 4 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
17| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-4449 | Cri | 0.70 | 9.8 | 0.05 | Oct 16, 2024 | The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's… | ||
| CVE-2024-52430 | Cri | 0.66 | 9.8 | 0.01 | Nov 18, 2024 | Deserialization of Untrusted Data vulnerability in bublick Lis Video Gallery lis-video-gallery allows Object Injection.This issue affects Lis Video Gallery: from n/a through <= 0.2.1. | ||
| CVE-2025-47552 | Cri | 0.64 | 9.8 | 0.00 | Jan 7, 2026 | Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37. | ||
| CVE-2025-47568 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2025 | Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection.This issue affects ZoomSounds: from n/a through <= 6.91. | ||
| CVE-2025-47553 | Hig | 0.57 | 8.8 | 0.00 | Jan 6, 2026 | Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.25. | ||
| CVE-2025-49049 | Hig | 0.55 | 8.5 | 0.00 | Jan 22, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZoomIt DZS Video Gallery dzs-videogallery allows SQL Injection.This issue affects DZS Video Gallery: from n/a through <= 12.39. | ||
| CVE-2025-32300 | Hig | 0.46 | 7.1 | 0.00 | Jan 7, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS.This issue affects DZS Video Gallery: from n/a through 12.25. | ||
| CVE-2025-47566 | Hig | 0.46 | 7.1 | 0.00 | Dec 31, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomSounds allows Reflected XSS.This issue affects ZoomSounds: from n/a through 6.91. | ||
| CVE-2025-53226 | Hig | 0.46 | 7.1 | 0.00 | Aug 20, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Comments Capcha Box comments-capcha-box allows Reflected XSS.This issue affects Comments Capcha Box: from n/a through <= 1.1. | ||
| CVE-2025-23579 | Med | 0.42 | 6.5 | 0.00 | Mar 3, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio DZS Ajaxer Lite dzs-ajaxer-lite-dynamic-page-load allows Stored XSS.This issue affects DZS Ajaxer Lite: from n/a through <= 1.04. | ||
| CVE-2025-23581 | Med | 0.42 | 6.5 | 0.00 | Feb 3, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Demo User DZS demo-user-dzs-showcase-your-admin-safely allows Stored XSS.This issue affects Demo User DZS: from n/a through <= 1.1.0. | ||
| CVE-2024-51848 | Med | 0.42 | 6.5 | 0.00 | Nov 19, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Parallaxer parallaxer-lite-parallax-effects-on-images allows Stored XSS.This issue affects Parallaxer: from n/a through <= 1.00. | ||
| CVE-2025-22503 | Med | 0.28 | 4.3 | 0.00 | Jan 7, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in digitalzoomstudio Admin debug wordpress – enable debug dzs-enable-debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress – enable debug: from n/a through <= 1.0.13. | ||
| CVE-2022-0826 | 0.06 | — | 0.09 | May 9, 2022 | The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | |||
| CVE-2014-9094 | 0.04 | — | 0.07 | Nov 26, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter. | |||
| CVE-2021-4457 | 0.00 | — | 0.00 | Jun 25, 2025 | The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server. | |||
| CVE-2014-3923 | 0.00 | — | 0.02 | May 30, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3)… |
- risk 0.70cvss 9.8epss 0.05
The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's…
- risk 0.66cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in bublick Lis Video Gallery lis-video-gallery allows Object Injection.This issue affects Lis Video Gallery: from n/a through <= 0.2.1.
- risk 0.64cvss 9.8epss 0.00
Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37.
- risk 0.64cvss 9.8epss 0.00
Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection.This issue affects ZoomSounds: from n/a through <= 6.91.
- risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.25.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZoomIt DZS Video Gallery dzs-videogallery allows SQL Injection.This issue affects DZS Video Gallery: from n/a through <= 12.39.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS.This issue affects DZS Video Gallery: from n/a through 12.25.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomSounds allows Reflected XSS.This issue affects ZoomSounds: from n/a through 6.91.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Comments Capcha Box comments-capcha-box allows Reflected XSS.This issue affects Comments Capcha Box: from n/a through <= 1.1.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio DZS Ajaxer Lite dzs-ajaxer-lite-dynamic-page-load allows Stored XSS.This issue affects DZS Ajaxer Lite: from n/a through <= 1.04.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Demo User DZS demo-user-dzs-showcase-your-admin-safely allows Stored XSS.This issue affects Demo User DZS: from n/a through <= 1.1.0.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Parallaxer parallaxer-lite-parallax-effects-on-images allows Stored XSS.This issue affects Parallaxer: from n/a through <= 1.00.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in digitalzoomstudio Admin debug wordpress – enable debug dzs-enable-debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress – enable debug: from n/a through <= 1.0.13.
- CVE-2022-0826May 9, 2022risk 0.06cvss —epss 0.09
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
- CVE-2014-9094Nov 26, 2014risk 0.04cvss —epss 0.07
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
- CVE-2021-4457Jun 25, 2025risk 0.00cvss —epss 0.00
The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.
- CVE-2014-3923May 30, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3)…