Zoomit Zoomsounds - Wordpress Wave Audio Player With Playlist
6 CVEs affecting Zoomit Zoomsounds - Wordpress Wave Audio Player With Playlist. Latest disclosed: 2025-04-08. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-4449 | Critical | 9.8 | 2024-10-16 | The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, an… |
CVE-2024-13776 | High | 8.1 | 2025-04-05 | The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of… |
CVE-2024-13777 | High | 8.1 | 2025-03-05 | The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.9… |
CVE-2025-3431 | High | 7.5 | 2025-04-08 | The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91… |
CVE-2021-39316 | High | 7.5 | 2021-08-31 | The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dz… |
CVE-2025-0839 | Medium | 6.4 | 2025-04-05 | The ZoomSounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 6.91 due to insufficient inpu… |