ByteOS Network

ZoomSounds

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

3Vulnerabilities found

CVE-2025-47566

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.04% / 11.68%

7 Day CHG~0.00%

Published-31 Dec, 2025 | 20:07

Updated-20 Jan, 2026 | 15:16

WordPress ZoomSounds plugin <= 6.91 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomSounds allows Reflected XSS.This issue affects ZoomSounds: from n/a through 6.91.

Vendor-ZoomSounds

Product-ZoomSounds

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-4457

Assigner-WPScan

View Details

Assigner-WPScan

CVSS Score-9.1||CRITICAL

EPSS-0.11% / 29.55%

7 Day CHG~0.00%

Published-25 Jun, 2025 | 14:45

Updated-01 Jul, 2025 | 19:15

ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload

The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.

Vendor-Unknown

Product-ZoomSounds

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type

CVE-2025-47568

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-9.8||CRITICAL

EPSS-0.13% / 33.26%

7 Day CHG+0.03%

Published-23 May, 2025 | 12:43

Updated-08 Jul, 2025 | 13:24

WordPress ZoomSounds plugin <= 6.91 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds allows Object Injection. This issue affects ZoomSounds: from n/a through 6.91.

Vendor-digitalzoomstudio ZoomIt

Product-zoomsounds ZoomSounds

CWE ID-CWE-502

Deserialization of Untrusted Data