CVE-2025-3431

High CVSS: 7.5

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsap_download' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Vendor

Digitalzoomstudio

Product

Zoomsounds

CWE

CWE-73

Yayın Tarihi

2025-04-08 08:15:18

Güncelleme

2025-06-04 22:27:39

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-73 Zoomsounds HIGH Digitalzoomstudio 2025

Referanslar

https://codecanyon.net/item/zoomsounds-wordpress-wave-audio-player-with-playlist/6181433 https://www.wordfence.com/threat-intel/vulnerabilities/id/a78998da-1cb1-4991-95a8-a551bde04064?source=cve

Benzer Kayıtlar

Critical

CVE-2021-4457

The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywher…

Unknown

CVE-2025-47568

Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection.This issue a…

Medium

CVE-2025-0839

The ZoomSounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and i…

High

CVE-2024-13776

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modificati…

High

CVE-2024-13777

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in…