PT-2019-7430 · WordPress · Dzs-Zoomsounds

Published

2019-10-10

Updated

2021-09-02

CVE-2015-9471

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions dzs-zoomsounds plugin versions through 2.0 for WordPress

Description The issue concerns an arbitrary file upload in the admin/upload.php endpoint. This allows for potential malicious file uploads.

Recommendations For versions through 2.0, consider disabling the admin/upload.php endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2015-9471

Affected Products

Dzs-Zoomsounds

PT-2019-7430 · WordPress · Dzs-Zoomsounds

CVE-2015-9471

Weakness Enumeration

Related Identifiers

Affected Products

References · 6