ZoomSounds - WordPress Wave Audio Player with Playlist

Vulnerabilities 13Slug dzs-zoomsoundsLatest version 6.71Plugin page →

Minimum safe version

6.50

Update to 6.50 or later to address 7 fixable vulnerabilities

Latest available6.71 ✓⚠ 6 vulnerabilities have no fix

N/A

2025-06-25< 6.05

CVE-2021-4457

EUVD CVE

High 7.1 Unfixed

2025-12-31≤ 6.91

WordPress ZoomSounds plugin <= 6.91 - Reflected Cross Site Scripting (XSS) vulnerability

CVE EUVD Wordfence

N/A Unfixed

2025-05-23≤ 6.91

WordPress ZoomSounds plugin <= 6.91 - PHP Object Injection vulnerability

CVE Wordfence

High 7.5 Unfixed

2025-04-08≤ 6.91

ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download

EUVD Wordfence CVE

High 8.1 Unfixed

2025-04-05≤ 6.91

ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update and Settings Manipulation

CVE EUVD Wordfence Patchstack

Medium 6.4 Unfixed

2025-04-05≤ 6.91

ZoomSounds <= 6.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

EUVD Wordfence CVE

High 8.1 Unfixed

2025-03-05≤ 6.91

ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object Injection

CVE EUVD Wordfence

Critical 9.8

2024-10-16< 6.05

CVE-2021-4449

CVE

N/A

< 6.05

ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload

WPScan

N/A

2021-06-24< 6.05

ZoomSounds <= 5.96 - Unauthenticated Arbitrary File Upload

Wordfence

N/A

2015-06-01< 2.1

WordPress Zoom Sounds Plugins <= 2.0 - Remote File Upload

Patchstack

Critical 9.8

2019-10-10< 3.0

CVE-2015-9471

CVE Wordfence WPScan

High 7.5

2021-08-31< 6.50

CVE-2021-39316

CVE Patchstack Wordfence WPScan