PT-2021-22525 · WordPress · Zoomsounds

Digitaljessica Ltd · Published 2021-08-31 · Updated 2024-08-18 · CVE-2021-39316

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Zoomsounds plugin versions <= 6.45 for WordPress
Description: The issue allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsap download action using directory traversal in the link parameter.
Recommendations: For Zoomsounds plugin versions <= 6.45, update to a version greater than 6.45 to resolve the issue. As a temporary workaround, consider restricting access to the dzsap download action to minimize the risk of exploitation. Avoid using the link parameter in the affected API endpoint until the issue is resolved.
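
Detection sketch for the issue described above, as an added example that is not part of the original advisory or the plugin's code: it scans web access log lines for dzsap download requests whose link parameter contains `..` path segments, including percent-encoded and double-encoded forms. It assumes the action appears in the query string as `action=dzsap_download`; the log lines, host names and addresses are constructed samples.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: the "dzsap download action" arrives as action=dzsap_download.
ACTION = "dzsap_download"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Sep/2021:10:00:01 +0000] "GET /?action=dzsap_download'
    '&link=https://blog.example/wp-content/uploads/track.mp3 HTTP/1.1" 200 51234',
    '198.51.100.9 - - [01/Sep/2021:10:00:05 +0000] "GET /?action=dzsap_download'
    '&link=../../wp-config.php HTTP/1.1" 200 3120',
    '198.51.100.9 - - [01/Sep/2021:10:00:06 +0000] "GET /?action=dzsap_download'
    '&link=%252e%252e%252fwp-config.php HTTP/1.1" 200 3120',
    '203.0.113.7 - - [01/Sep/2021:10:00:09 +0000] "GET /?s=..%2Fnotes HTTP/1.1" 200 812',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded separators are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(link):
    """True when any path segment of the decoded link is '..'."""
    return ".." in fully_decode(link).replace("\\", "/").split("/")

def suspicious_requests(log_lines):
    """Return (line_number, decoded_link) for download requests that climb directories."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = parse_qs(urlsplit(match.group(1)).query)
        if ACTION not in query.get("action", []):
            continue
        hits.extend((number, fully_decode(link))
                    for link in query.get("link", []) if is_traversal(link))
    return hits

if __name__ == "__main__":
    for number, link in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: link={link}")
```

A hit with a 200 status and a body size close to that of a configuration file is worth treating as a possible disclosure of the secrets in wp-config.php. Parameters sent in a POST body do not appear in standard access logs, so this check only covers query-string requests.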

Exploit

Fix

Weakness Enumeration: Files Accessible to External Parties, Path traversal

Related Identifiers: CVE-2021-39316

Affected Products: Zoomsounds