CVE-2025-47566 WordPress ZoomSounds plugin <= 6.91 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZoomSounds allows Reflected XSS.This issue affects ZoomSounds: from n/a through 6.91...

CVE-2025-47566

CVE-2025-47566 refers to a Cross‑Site Scripting vulnerability in the ZoomSounds WordPress plugin. The description and connected docs confirm it is a Reflected XSS caused by improper neutralization of input during web page generation, affecting ZoomSounds:

VulnCheck KEV: CVE-2021-4449

The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may...

EUVD-2015-9311

Malware in sbrugna...

EUVD-2025-10351

Malicious code in bioql PyPI...

EUVD-2021-34682

Malicious code in bioql PyPI...

EUVD-2025-9912

Malicious code in bioql PyPI...

CVE-2021-4457

The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server...

WordPress Zoomsounds plugin file upload vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file upload vulnerability exists in the WordPress Zoomsounds plugin that originates from allowing unauthenticated users to upload arbitrary files to a web server. No details o...

CVE-2021-4457

The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server...

CVE-2021-4457

The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server...

CVE-2021-4457 ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload

The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server...

WordPress plugin ZoomSounds 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file upload vulnerability exists in the WordPress Zoomsounds plugin that originates from allowing unauthenticated users to upload arbitrary files to a web server. No details o...

PT-2025-26832 · Unknown · Zoomsounds

Name of the Vulnerable Software and Affected Versions: ZoomSounds plugin versions prior to 6.05 Description: The issue allows unauthenticated users to upload an arbitrary file anywhere on the web server due to a vulnerable PHP file. Recommendations: For versions prior to 6.05, update to version...

WordPress ZoomSounds plugin <= 6.91 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin ZoomSounds versions = 6.91...

WordPress plugin ZoomSounds 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

CVE-2015-9471

The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload...

CVE-2025-3431

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsapdownload' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the serve...

CVE-2025-3431 ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsapdownload' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the serve...

CVE-2025-3431 ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsapdownload' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the serve...