Zoomsounds Security Vulnerabilities and Issues — Zoomsounds CVE List

Lucene search

DigitalzoomstudioZoomsounds

3 matches found

CVE•added 2025/04/05 6:15 a.m.•46 views

CVE-2025-0839

The ZoomSounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 6.91 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level an...

6.4CVSS5.7AI score0.00032EPSS

CVE•added 2025/04/08 8:15 a.m.•41 views

CVE-2025-3431

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsap_download' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server...

7.5CVSS7AI score0.00087EPSS

CVE•added 2025/04/05 6:15 a.m.•35 views

CVE-2024-13776

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'dzsap_delete_notice' AJAX action in all versions up to, and including, 6.91. This makes i...

8.1CVSS7.7AI score0.00054EPSS