CVE-2015-9471

CRITICAL

Zoomsounds < 2.0 - Unauthenticated Arbitrary File Upload via admin/upload.php

Title source: llm
STIX 2.1

Description

The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/8019
Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/132124/

Scores

CVSS v3 9.8
EPSS 0.0396
EPSS Percentile 89.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
digitalzoomstudio/zoomsounds < 2.0
Published Oct 10, 2019
Tracked Since Feb 18, 2026