ZoomSounds - WordPress Wave Audio Player with Playlist

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   ZoomSounds - WordPress Wave Audio Player with Playlist

Information

Software Type Plugin
Software Slug dzs-zoomsounds
Software Status Active
Software Author ZoomIt
Software Website codecanyon.net
Software Active Installs 4,000
Software Record Last Updated January 28, 2025

7 Vulnerabilities

Submit a Vulnerability
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download
7.5
CVE-2025-3431
Apr 7, 2025
Researcher: Mohammadamin Alidoost
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update and Settings Manipulation
8.1
CVE-2024-13776
Apr 4, 2025
Researcher: Lucio Sá
ZoomSounds <= 6.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2025-0839
Apr 4, 2025
Researcher: István Márton
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object Injection
8.1
CVE-2024-13777
Mar 4, 2025
Researcher: Lucio Sá
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.45 - Directory Traversal
7.5
CVE-2021-39316
Aug 30, 2021
Researcher: DigitalJessica Ltd
ZoomSounds <= 5.96 - Unauthenticated Arbitrary File Upload
9.8
CVE-2021-4449
Jun 24, 2021
Researcher: ganj
ZoomSounds <= 2.0 - Arbitrary File Upload
9.8
CVE-2015-9471
Jun 1, 2015
Researchers:
Title Status CVE ID CVSS Researchers Date
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download Unpatched CVE-2025-3431 7.5 Mohammadamin Alidoost April 7, 2025
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update and Settings Manipulation Unpatched CVE-2024-13776 8.1 Lucio Sá April 4, 2025
ZoomSounds <= 6.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Unpatched CVE-2025-0839 6.4 István Márton April 4, 2025
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object Injection Unpatched CVE-2024-13777 8.1 Lucio Sá March 4, 2025
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.45 - Directory Traversal Patched CVE-2021-39316 7.5 DigitalJessica Ltd August 30, 2021
ZoomSounds <= 5.96 - Unauthenticated Arbitrary File Upload Patched CVE-2021-4449 9.8 ganj June 24, 2021
ZoomSounds <= 2.0 - Arbitrary File Upload Patched CVE-2015-9471 9.8 June 1, 2015

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.