CVE-2021-39316
Published 2021-08-31
Priority: P1 (82) · CVSS 3.1: 7.5 (high)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 66.54% (99.2th percentile)
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| digitalzoomstudio | zoomsounds | <= 6.45 | — |
| zoomit | zoomsounds_wordpress_wave_audio_player_with_playlist | 6.45 – 6.45 | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated GET requests containing the `dzsap_download` action parameter combined with directory traversal sequences (`..`) in the `link` parameter.
- Use the regex `root:.*:0:0:` against HTTP 200 responses to confirm successful exploitation (a successful /etc/passwd read).
- Flag HTTP GET requests to WordPress sites where the query string contains both `action=dzsap_download` and `link=` with path traversal patterns (e.g. `../`); URL-decode the value before matching, since encoded forms such as `%2e%2e%2f` defeat a literal `../` match.
- The vulnerability is unauthenticated: no credentials or session token are required, so it is trivially exploitable at scale.
- The vulnerability affects a very wide range of plugin versions (1.10 through 6.45); detection rules should not be version-gated.
- The EPSS score of 0.93526 (99.8th percentile, the value recorded in the Nuclei template; the header above shows a different EPSS snapshot) places this CVE among the most likely to be exploited, and its VulnCheck KEV listing confirms in-the-wild exploitation; prioritize detection and patching accordingly.
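The detection rules above, and the `dzsap_download`/`link` traversal they describe, applied to a handful of constructed access-log lines. This is an added example in Python, not code from the page or from any of the listed sources. The `admin-ajax.php` request path is an assumption (the page names only the action and the parameter), the log lines and the sample `/etc/passwd` body are constructed, and the rule decodes the `link` value before matching so that URL-encoded and double-encoded probes, which a literal `../` match on the raw query string would miss, are still flagged. The response-side `root:.*:0:0:` check is kept separate because access logs carry no response body; it is meant for captured responses (proxy, WAF or scanner output).

```python
"""Detection logic for CVE-2021-39316 probes, run over constructed sample logs."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# One-line parser for Apache/nginx combined-format access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# ".." followed by a path separator or end of string: matches ../, ..\ and
# "....//"-style bypasses, but not a legitimate name such as "track..mp3".
TRAVERSAL_RE = re.compile(r'\.\.(?:[\\/]|$)')
# The page's confirmation pattern for a successful /etc/passwd read.
PASSWD_RE = re.compile(r'root:.*:0:0:')

# Constructed sample log lines (not from the page). The admin-ajax.php path is
# an assumption; the page names only the dzsap_download action and the link
# parameter. Lines cover plain, URL-encoded and double-encoded traversal, a
# benign download, an unrelated request, and a probe that got a 404.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Nov/2023:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=dzsap_download&link=../../../../../etc/passwd HTTP/1.1" 200 1843 "-" "curl/7.88.1"
203.0.113.7 - - [22/Nov/2023:10:01:05 +0000] "GET /wp-admin/admin-ajax.php?action=dzsap_download&link=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3012 "-" "python-requests/2.31"
198.51.100.9 - - [22/Nov/2023:10:02:11 +0000] "GET /wp-admin/admin-ajax.php?action=dzsap_download&link=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 21 "-" "Mozilla/5.0"
192.0.2.4 - - [22/Nov/2023:10:03:40 +0000] "GET /wp-admin/admin-ajax.php?action=dzsap_download&link=wp-content/uploads/track.mp3 HTTP/1.1" 200 5120000 "-" "Mozilla/5.0"
192.0.2.4 - - [22/Nov/2023:10:04:00 +0000] "GET /?p=12 HTTP/1.1" 200 8844 "-" "Mozilla/5.0"
192.0.2.5 - - [22/Nov/2023:10:05:00 +0000] "GET /wp-admin/admin-ajax.php?action=dzsap_download&link=../../../../wp-config.php HTTP/1.1" 404 123 "-" "curl/8.0"
"""

# Constructed response body standing in for a captured /etc/passwd.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
)


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode until stable (bounded) so %252e%252e%252f is seen as ../."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def traversal_link(target: str):
    """Return the decoded link when the request is a dzsap_download probe
    carrying directory traversal in `link`; otherwise None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "dzsap_download" not in query.get("action", []):
        return None
    for raw in query.get("link", []):
        link = decode_fully(raw)
        if TRAVERSAL_RE.search(link):
            return link
    return None


def scan_log(text: str) -> list:
    """Flag dzsap_download traversal probes; a 200 is a likely successful read."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        link = traversal_link(m["target"])
        if link is None:
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"], "ts": m["ts"], "link": link,
            "status": status, "likely_success": status == 200,
        })
    return hits


def confirms_passwd(body: str) -> bool:
    """Apply the page's root:.*:0:0: check to a captured response body."""
    return PASSWD_RE.search(body) is not None


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print("passwd regex confirms sample body:", confirms_passwd(SAMPLE_PASSWD))
```

Run against the constructed log, four requests are flagged (plain, encoded, double-encoded, and the 404 probe) and the benign `track.mp3` download and the unrelated page view are not; only the three with status 200 are marked as likely successful reads. The status code is a heuristic, not proof: the plugin may return 200 with an empty or error body, which is why the response-body regex exists as the confirmation step.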
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| VulnCheck | — | 7.5 | HIGH | — |
GHSA
GHSA-6w94-3r46-x632 · ghsa_unreviewed · 2022-05-24 · CVE-2021-39316 [HIGH] · CWE-22
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
VulnCheck
digitalzoomstudio zoomsounds Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck · 2021 · CVE-2021-39316 [HIGH] · CVSS 7.5
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
Affected: digitalzoomstudio zoomsounds
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-22&host_type=src&vulnerability=cve-2021-39316; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-24&host_type=src&v
No detection rules found.
Exploit-DB
WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read (Unauthenticated)
exploitdb · 2021-12-03 · CVE-2021-39316 [HIGH] · CVSS 7.5

```text
# Exploit Title: WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read (Unauthenticated)
# Google Dork: inurl:/wp-content/plugins/dzs-zoomsounds/
# Date: 2/12/2021
# Exploit Author: Uriel Yochpaz
# Vendor Homepage: https://digitalzoomstudio.net/docs/wpzoomsounds/
# Software Link:
# Version: 1.10, 1.20, 1.30, 1.40, 1.41, 1.43, 1.45, 1.50, 1.51, 1.60, 1.61, 1.62, 1.63, 1.70, 2.00, 2.02, 2.10, 2.20, 2.30, 2.42, 2.43, 2.44, 2.45, 2.46, 2.51, 2.60, 2.61, 2.62, 2.63, 2.64, 2.70, 2.72, 2.75, 3.00, 3.01, 3.03, 3.04, 3.10, 3.12, 3.21, 3.23, 3.24, 3.30, 3.31, 3.32, 3.33, 3.40, 4.00, 4.10, 4.15, 4.20, 4.32, 4.47, 4.51, 4.63, 5.00, 5.03, 5.04, 5.12, 5.18, 5.30, 5.31, 5.48, 5.60, 5.70, 5.82, 5.84, 5.91, 5.93, 5.95,
```
Nuclei
WordPress DZS Zoomsounds <=6.50 - Local File Inclusion
nuclei · CVE-2021-39316 [HIGH] · CVSS 7.5
WordPress DZS Zoomsounds … (>=6.51) to fix the Local File Inclusion vulnerability.

```yaml
reference:
  - https://wpscan.com/vulnerability/d2d60cf7-e4d3-42b6-8dfe-7809f87547bd
  - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39316
  - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39316
  - http://packetstormsecurity.com/files/165146/WordPress-DZS-Zoomsounds-6.45-Arbitrary-File-Read.html
  - https://nvd.nist.gov/vuln/detail/CVE-2021-39316
classification:
  cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  cvss-score: 7.5
  cve-id: CVE-2021-39316
  cwe-id: CWE-22
  epss-score: 0.93526
  epss-percentile: 0.99828
  cpe: cpe:2.3:a:digitalzoomstudio:zoomsounds:*:*:*:*:*:wordpress:*:*
metadata:
  max-request: 1
  vendor: digitalzoomstudio
  product: zoomsounds
  framework: wordpress
tags: cve2021,cve,wo
```