CVE-2021-4449 — CVSS 9.8 (critical): The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file…
CVE-2025-47568 — CVSS 9.8 (critical): Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection.This issue affects ZoomSounds…
CVE-2021-4457 — CVSS 9.1 (critical): The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.
CVE-2024-13776 — CVSS 8.1 (high): The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can…
CVE-2024-13777 — CVSS 8.1 (high): The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up…
CVE-2021-39316 — CVSS 7.5 (high): The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be…
CVE-2025-3431 — CVSS 7.5 (high): The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to…
CVE-2025-0839 — CVSS 6.4 (medium): The ZoomSounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 6.91 due…