Lucene search
K

4 matches found

CVE
CVE
added 2025/06/25 2:45 p.m.28 views

CVE-2021-4457

CVE-2021-4457 concerns the ZoomSounds WordPress plugin prior to 6.05, where a vulnerable PHP file allows unauthenticated users to upload arbitrary files anywhere on the web server. This leads to a high-impact exposure (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N; base 9.1) affecting the plugin’...

9.1CVSS7.5AI score0.00382EPSS
In wildExploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/25 2:45 p.m.6 views

CVE-2021-4457 ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload

The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server...

7.5AI score0.00382EPSS
Exploits1References1
NVD
NVD
added 2025/04/08 8:15 a.m.7 views

CVE-2025-3431

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsapdownload' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the serve...

7.5CVSS0.00359EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.6 views

PT-2025-15385 · WordPress · Zoomsounds

Name of the Vulnerable Software and Affected Versions: ZoomSounds - WordPress Wave Audio Player with Playlist versions up to and including 6.91 Description: The issue allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information, v...

7.5CVSS7.9AI score0.00359EPSS
Exploits0References11
Rows per page
Query Builder