Vulnerabilities (CVE)

Filtered by vendor Digitalzoomstudio Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-39316 1 Digitalzoomstudio 1 Zoomsounds 2024-11-21 5.0 MEDIUM 7.5 HIGH
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
CVE-2015-9471 1 Digitalzoomstudio 1 Zoomsounds 2024-11-21 7.5 HIGH 9.8 CRITICAL
The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.
CVE-2014-9094 1 Digitalzoomstudio 1 Video Gallery 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
CVE-2014-3923 1 Digitalzoomstudio 1 Video Gallery 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3) preview_allchars.swf, or (4) preview_skin_overlay.swf in deploy/.
CVE-2021-4449 1 Digitalzoomstudio 1 Zoomsounds 2024-10-30 N/A 9.8 CRITICAL
The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.