9 matches found
CVE-2015-9471
The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.
CVE-2021-39316
The Zoomsounds plugin
CVE-2021-4449
The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may ma...
CVE-2025-0839
The ZoomSounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 6.91 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level an...
CVE-2025-3431
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsap_download' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server...
CVE-2024-13777
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for unauthenticated attackers to inject a PHP Ob...
CVE-2024-13776
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'dzsap_delete_notice' AJAX action in all versions up to, and including, 6.91. This makes i...
CVE-2025-47568
Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds allows Object Injection. This issue affects ZoomSounds: from n/a through 6.91.
CVE-2021-4457
The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.