7.5
CVE-2025-3431
- EPSS 0.49%
- Veröffentlicht 08.04.2025 07:29:43
- Zuletzt bearbeitet 04.06.2025 22:27:39
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsap_download' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Mögliche Gegenmaßnahme
ZoomSounds - WordPress Wave Audio Player with Playlist: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
ZoomSounds - WordPress Wave Audio Player with Playlist
Version
*-6.91
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Digitalzoomstudio ≫ Zoomsounds SwPlatformwordpress Version <= 6.91
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.649 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-73 External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.