4 matches found
CVE-2021-4457
CVE-2021-4457 concerns the ZoomSounds WordPress plugin prior to 6.05, where a vulnerable PHP file allows unauthenticated users to upload arbitrary files anywhere on the web server. This leads to a high-impact exposure (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N; base 9.1) affecting the plugin’...
CVE-2021-4457 ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload
The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server...
CVE-2025-3431
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsapdownload' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the serve...
PT-2025-15385 · WordPress · Zoomsounds
Name of the Vulnerable Software and Affected Versions: ZoomSounds - WordPress Wave Audio Player with Playlist versions up to and including 6.91 Description: The issue allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information, v...