WordPress · Zoomsounds · CVE-2021-4449
**Name of the Vulnerable Software and Affected Versions**
ZoomSounds plugin for WordPress versions up to and including 5.96
**Description**
The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads because the `savepng.php` file does not validate file types. This allows unauthenticated attackers to upload arbitrary files to the affected site's server, potentially leading to remote code execution. The API endpoint and the vulnerable parameter are not explicitly mentioned. The vulnerable component is the `savepng.php` file.
**Recommendations**
Update the ZoomSounds plugin to a version newer than 5.96.
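
To confirm whether an installation still needs the update, the following check reads the plugin header version, compares it with 5.96, and lists any `savepng.php` copies still on disk. It is an added example, not code from the advisory or the plugin; the function names and result keys are hypothetical, and the plugin directory is assumed to be supplied by the operator.

```python
import re
import sys
import tempfile
from pathlib import Path

LAST_AFFECTED = (5, 96)          # advisory: versions up to and including 5.96
VULNERABLE_FILE = "savepng.php"  # file named in the advisory

# "Version:" field of a WordPress plugin header comment.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)


def parse_version(text):
    """Return the plugin header version as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_affected(version):
    """True when version <= 5.96, comparing components numerically."""
    width = max(len(version), len(LAST_AFFECTED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) <= pad(LAST_AFFECTED)


def audit_plugin(plugin_dir):
    """Report header version, affected status and any savepng.php copies."""
    root = Path(plugin_dir)
    version = None
    for php in sorted(root.glob("*.php")):  # header lives in a top-level file
        version = parse_version(php.read_text(errors="replace")[:8192])
        if version:
            break
    found = sorted(p.relative_to(root).as_posix() for p in root.rglob(VULNERABLE_FILE))
    affected = is_affected(version) if version else None  # None = unknown
    return {"version": version, "affected": affected, "savepng": found}


def demo():
    """Audit a constructed plugin tree (sample data, not the real plugin)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "plugin.php").write_text("<?php\n/*\n * Plugin Name: Sample\n * Version: 5.96\n */\n")
        (root / "inc").mkdir()
        (root / "inc" / VULNERABLE_FILE).write_text("<?php // placeholder\n")
        return audit_plugin(root)


if __name__ == "__main__":
    print(audit_plugin(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

An `affected` value of `None` means no version header was found and the directory needs manual review.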