The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/165146/WordPress-DZS-Zoomsounds-6.45-Arbitrary-File-Read.html | Exploit Third Party Advisory VDB Entry |
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39316 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2021-08-30T00:00:00
Updated: 2021-12-03T19:06:04
Reserved: 2021-08-20T00:00:00
Link: CVE-2021-39316
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-31T12:15:07.420
Modified: 2021-12-14T20:22:18.387
Link: CVE-2021-39316
JSON object: View
Redhat Information
No data.