EUVD-2021-34682CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
4Tags
Description
The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.
Analysis
CVE-2021-4457 is an unauthenticated arbitrary file upload vulnerability in the ZoomSounds WordPress plugin versions before 6.05. The vulnerability exists in a PHP file that fails to implement proper access controls, allowing remote attackers to upload malicious files anywhere on the web server without authentication. This critical flaw enables complete system compromise through remote code execution, with a CVSS score of 9.1 indicating severe impact. While specific KEV and EPSS data are not provided in the available intelligence, the combination of unauthenticated access (CVSS AV:N/PR:N), high impact to confidentiality and integrity, and the prevalence of WordPress plugin exploitation in the wild suggests this represents an actively exploited vulnerability in real-world deployments.
Technical Context
ZoomSounds is a WordPress audio player plugin distributed through the WordPress.org plugin repository. The vulnerability stems from inadequate input validation and access control in a PHP file handler, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). The root cause is the absence of authentication checks (PR:N in CVSS vector) combined with insufficient file type validation, allowing attackers to bypass WordPress security functions and upload executable PHP files. The attack vector is network-based (AV:N) with low complexity (AC:L), meaning no special conditions or user interaction is required. The CPE context would be: cpe:2.3:a:zoomsounds:zoomsounds:*:*:*:*:*:wordpress:*:* with version constraints <6.05. This affects any WordPress installation with the vulnerable plugin active, regardless of WordPress hardening.
Affected Products
ZoomSounds WordPress plugin versions prior to 6.05. Specifically affected versions include all releases from initial publication through version 6.04. The plugin is distributed via the official WordPress.org plugin repository and has been downloaded tens of thousands of times based on typical WordPress plugin adoption patterns. Any WordPress installation (all versions) running ZoomSounds <6.05 with the plugin active is vulnerable. Shared hosting environments and multisite WordPress installations are particularly at risk due to file system accessibility across multiple sites. No vendor advisory reference is provided in the available intelligence, but the vulnerability would have been disclosed to WordPress.org plugin team and catalogued in WordPress security databases.
Remediation
Immediate remediation steps: (1) Update ZoomSounds plugin to version 6.05 or later immediately through WordPress admin dashboard (Plugins > Updates) or manually via WordPress.org repository download, (2) After patching, audit the web server for suspicious uploaded files, particularly in wp-content/uploads and other world-writable directories, checking modification timestamps around vulnerability discovery dates, (3) Search web server logs for POST requests to the vulnerable PHP file endpoint with upload parameters to identify exploitation attempts, (4) If unable to update immediately, disable the ZoomSounds plugin entirely (Deactivate and Delete) until patching can be completed, (5) Implement Web Application Firewall (WAF) rules to block file upload requests to ZoomSounds plugin endpoints as temporary mitigation, (6) Consider restricting PHP execution in wp-content/uploads directory via .htaccess (AddType text/plain .php) to prevent execution of uploaded malicious files. No vendor advisory link is provided in available intelligence; refer to WordPress.org ZoomSounds plugin page and WPVULNDB for official patch confirmation.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today