Description
WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist version 6.45 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 6.50 or latest
References
https://packetstormsecurity.com/files/165146/WordPress-DZS-Zoomsounds-6.45-Arbitrary-File-Read.html
https://sploitus.com/exploit?id=1337DAY-ID-37099
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39316
Related Vulnerabilities
WordPress Plugin Thrive Ovation Security Bypass (2.4.4)
WordPress Plugin Name Directory Cross-Site Request Forgery (1.17.4)
WordPress Plugin Best Image Gallery & Responsive Photo Gallery-FooGallery Security Bypass (1.6.15)
MySQL CVE-2022-39400 Vulnerability (CVE-2022-39400)
WordPress Plugin WP Statistics Multiple Vulnerabilities (13.1.5)