CVE-2021-39316
published 2021-08-31


Priority: P1 · 82 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploited in the wild: ITW exploit · VulnCheck KEV
EPSS: 66.54% (99.2th percentile)
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.

Affected (2 ranges)

Vendor            | Product                                               | Version range | Fixed in
digitalzoomstudio | zoomsounds                                            | <= 6.45       | (none listed)
zoomit            | zoomsounds_wordpress_wave_audio_player_with_playlist  | 6.45 – 6.45   | (none listed)

Detection & IOCs (extracted from sources)

url: /?action=dzsap_download&link=../../../../../../../../../../etc/passwd
url: /?action=dzsap_download&link=../../../../../../../../../../../../../etc/passwd
path: /wp-content/plugins/dzs-zoomsounds/
command: action=dzsap_download&link=<traversal_payload>
  • Detect unauthenticated GET requests containing the 'dzsap_download' action parameter combined with directory traversal sequences ('..') in the 'link' parameter.
  • Use the regex 'root:.*:0:0:' against HTTP 200 responses to confirm successful exploitation (successful /etc/passwd read).
  • Flag HTTP GET requests to WordPress sites where the query string contains both 'action=dzsap_download' and 'link=' with path traversal patterns (e.g., '../').
  • The vulnerability is unauthenticated — no credentials or session token are required to exploit it, making it trivially exploitable at scale.
  • The vulnerability affects a very wide range of plugin versions (1.10 through 6.45); detection rules should not be version-gated.
  • EPSS score of 0.93526 (99.8th percentile) indicates this vulnerability is actively exploited in the wild; prioritize detection and patching accordingly.
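The detection notes above, turned into a working log check. This is an added example, not code from the page, the plugin authors, or any vendor: it parses constructed access-log lines (made-up IPs and timestamps), flags dzsap_download requests whose link parameter carries a '..' segment, including once-more URL-encoded forms, and applies the root:.*:0:0: regex to a captured response body as the second-stage confirmation.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not taken from the page.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Sep/2021:12:00:01 +0000] "GET /?action=dzsap_download&link=../../../../../../etc/passwd HTTP/1.1" 200 1342 "-" "curl/7.68.0"',
    '203.0.113.5 - - [10/Sep/2021:12:00:02 +0000] "GET /?action=dzsap_download&link=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3120 "-" "curl/7.68.0"',
    '198.51.100.7 - - [10/Sep/2021:12:00:03 +0000] "GET /?action=dzsap_download&link=tracks/song.mp3 HTTP/1.1" 200 5012345 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Sep/2021:12:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 4123 "-" "Mozilla/5.0"',
]

# Minimal combined-log parser: client IP, method, request target and status are all we need.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# A '..' path segment bounded by '/', '\' or the string ends.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')
# Marker of a successful /etc/passwd read in a response body (the regex from the detection note).
PASSWD_RE = re.compile(r'root:.*:0:0:')


def has_traversal(value):
    """True if the value contains a '..' segment, also after one more round of URL-decoding
    (parse_qs already decodes once, so this also catches double-encoded %252e%252e)."""
    return bool(TRAVERSAL_RE.search(unquote(value)))


def classify(line):
    """Return None for a benign line, else a dict describing the suspicious dzsap_download request."""
    m = LOG_RE.match(line)
    if not m:
        return None
    qs = parse_qs(urlsplit(m['target']).query, keep_blank_values=True)
    if 'dzsap_download' not in qs.get('action', []):
        return None
    bad_links = [v for v in qs.get('link', []) if has_traversal(v)]
    if not bad_links:
        return None  # ordinary download of a plugin-served file
    return {'ip': m['ip'], 'method': m['method'], 'status': int(m['status']), 'link': bad_links[0]}


def scan(lines):
    """Run classify over a whole log and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]


def confirms_passwd_read(body):
    """Second-stage check: does a captured HTTP 200 body look like /etc/passwd?"""
    return PASSWD_RE.search(body) is not None
```

Because the rule keys on the action and the traversal segment rather than on a plugin version, it is deliberately not version-gated, in line with the note above.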

CVSS provenance

nvd v3.1: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
nvd v2.0: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)
vulncheck: 7.5 HIGH