CVE-2025-0839

Medium CVSS: 6.4

The ZoomSounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 6.91 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor

Digitalzoomstudio

Product

Zoomsounds

CWE

CWE-79

Yayın Tarihi

2025-04-05 06:15:39

Güncelleme

2025-06-04 22:26:13

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-79 Zoomsounds MEDIUM Digitalzoomstudio 2025

Referanslar

https://codecanyon.net/item/zoomsounds-wordpress-wave-audio-player-with-playlist/6181433 https://www.wordfence.com/threat-intel/vulnerabilities/id/49b76f5f-03f7-48bc-b848-9ab55d875639?source=cve

Benzer Kayıtlar

Critical

CVE-2021-4457

The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywher…

Unknown

CVE-2025-47568

Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection.This issue a…

High

CVE-2025-3431

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in…

High

CVE-2024-13776

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modificati…

High

CVE-2024-13777

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in…