5 matches found
CVE-2024-13776
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'dzsapdeletenotice' AJAX action in all versions up to, and including, 6.91. This makes i...
CVE-2024-13776
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'dzsapdeletenotice' AJAX action in all versions up to, and including, 6.91. This makes i...
CVE-2025-0839
CVE-2025-0839 concerns ZoomSounds — WordPress Wave Audio Player with Playlist. The vulnerability is a Stored Cross-Site Scripting (XSS) in the ZoomSounds plugin, affecting versions up to and including 6.91, caused by insufficient input sanitization and output escaping on user-supplied shortcode a...
CVE-2024-13777
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for unauthenticated attackers to inject a PHP...
CVE-2024-13777
The CVE-2024-13777 entry covers ZoomSounds – WordPress Wave Audio Player with Playlist (WordPress plugin) up to version 6.91. It is vulnerable to PHP Object Injection via deserialization of untrusted input in the margs parameter, allowing unauthenticated attackers to inject a PHP object. The base...