The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.
9.8CVSS
9.5AI Score
0.005EPSS
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsap_download action using directory traversal in the link parameter.
7.5CVSS
7.5AI Score
0.342EPSS