CVE-2021-39316

Published: 31/08/2021 Updated: 14/12/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.

Vulnerable Product

digitalzoomstudio zoomsounds

Exploits

WordPress DZS Zoomsounds plugin version 6.45 suffers from an unauthenticated arbitrary file read vulnerability ...

Github Repositories

WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read (Unauthenticated)

Exploit-DB: www.exploit-db.com/exploits/50564. CVE-2021-39316. The vulnerability allows a remote attacker to perform directory traversal attacks. The vulnerability exists due to an input validation error when processing directory traversal sequences in the "link" parameter in the "dzsap_download" action. A remote attacker can send a specially crafted HTTP r