cbcvebase.
CVE-2025-3431
published 2025-04-08

CVE-2025-3431: The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91…

PriorityP348high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.36%
27.8th percentile
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsap_download' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Affected

2 ranges
VendorProductVersion rangeFixed in
digitalzoomstudiozoomsounds<= 6.91
zoomitzoomsounds_wordpress_wave_audio_player_with_playlist<= 6.91
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.