CVE-2021-4457

Critical CVSS: 9.1

The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.

Vendor

Product

CWE

Yayın Tarihi

2025-06-25 15:15:21

Güncelleme

2025-07-07 17:40:37

Source Identifier

contact@wpscan.com

KEV Date Added

CWE-434 Zoomsounds CRITICAL Digitalzoomstudio 2025

https://wpscan.com/vulnerability/07259a61-8ba9-4dd0-8d52-cc1df389c0ad

Unknown

CVE-2025-47568

Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection.This issue a…

High

CVE-2025-3431

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in…

Medium

CVE-2025-0839

The ZoomSounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and i…

High

CVE-2024-13776

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modificati…

High

CVE-2024-13777

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in…