Zoomsounds Security Vulnerabilities and Issues — Zoomsounds CVE List

Lucene search

DigitalzoomstudioZoomsounds

5 matches found

CVE•added 2019/10/10 5:15 p.m.•82 views

CVE-2015-9471

The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.

9.8CVSS9.5AI score0.05005EPSS

CVE•added 2024/10/16 7:15 a.m.•51 views

CVE-2021-4449

The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may ma...

9.8CVSS9.9AI score0.14085EPSS

CVE•added 2025/03/05 10:15 a.m.•38 views

CVE-2024-13777

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for unauthenticated attackers to inject a PHP Ob...

9.8CVSS7.8AI score0.00334EPSS

CVE•added 2025/05/23 1:15 p.m.•33 views

CVE-2025-47568

Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds allows Object Injection. This issue affects ZoomSounds: from n/a through 6.91.

9.8CVSS9.5AI score0.00061EPSS

CVE•added 2025/06/25 3:15 p.m.•8 views

CVE-2021-4457

The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.

9.1CVSS7.5AI score0.00078EPSS