Vulnerabilities > Digitalzoomstudio > Zoomsounds > 1.50
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-31 | CVE-2021-39316 | Files or Directories Accessible to External Parties vulnerability in Digitalzoomstudio Zoomsounds The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter. | 5.0 |
| 2019-10-10 | CVE-2015-9471 | Unrestricted Upload of File with Dangerous Type vulnerability in Digitalzoomstudio Zoomsounds The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload. | 7.5 |