This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Path traversal in the ZoomSounds WordPress plugin. **Consequences**: Attackers can download **arbitrary files** from the server, including sensitive configuration files such as `wp-config.php`. **Impact**: `wp-config.php` holds the database credentials and authentication salts, so its disclosure typically leads to full site compromise via credential theft.
Q2 Root Cause? (CWE/Flaw)
**CWE**: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, "Path Traversal"). **Flaw**: The `link` parameter of the `dzsap_download` action is used as a file path without validation or sanitization. **Result**: `../` sequences escape the intended download directory, so any file the web-server user can read becomes downloadable.
Q3 Who is affected? (Versions/Components)
**Vendor**: ZoomIt. **Product**: ZoomSounds - WordPress Wave Audio Player with Playlist. **Affected**: Versions **<= 6.45**. **Platform**: WordPress sites with this plugin installed.
**PoC**: Yes, a Nuclei template is available. **Exploit**: Publicly shared on PacketStorm. **Status**: Exploitation in the wild is likely, given that the attack is a single unauthenticated-looking GET request.
Q7 How to self-check? (Features/Scanning)
**Check**: Confirm the plugin is installed and look for the `dzsap_download` action being served. **Test**: Request that action with `link=../../../../wp-config.php`. **Tool**: Nuclei (a template exists) or a manual HTTP request. **Indicator**: The response body contains the file's PHP source, for example the `define( 'DB_NAME', ... )` and `define( 'DB_PASSWORD', ... )` lines. A 404 or empty body can also mean the number of `../` segments did not reach the web root, so try a few depths before concluding the site is safe.
Q8 Is it fixed officially? (Patch/Mitigation)
**Fix**: Update the ZoomSounds plugin to a release newer than **6.45** (the affected range ends at 6.45 inclusive). **Source**: Vendor advisory. **Action**: Check the WordPress dashboard for the plugin update and apply it immediately, then confirm the installed version.
Q9 What if no patch? (Workaround)
**No patch?**: Disable (or remove) the plugin until it can be updated. **WAF**: Block requests to the `dzsap_download` action whose `link` parameter contains `../`; match after URL decoding, since `..%2F` and double-encoded `%252e%252e%252f` carry the same sequence. **Access**: A web-server rule denying direct requests for `wp-config.php` is defence in depth only: the file is read by the plugin's PHP code rather than fetched as a URL, so such a rule does not stop this traversal. **Monitor**: Log and alert on `dzsap_download` requests whose `link` leaves the plugin's directory or names `wp-config.php`.
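Detection logic for the monitoring step, added here as an example; it is not code from the page or from the vendor. It scans Apache/nginx combined-format access-log lines for `dzsap_download` requests whose `link` parameter traverses out of the plugin directory or names a sensitive file, and it percent-decodes the parameter repeatedly before matching, which is the same caveat that applies to a WAF rule: a filter that looks only for the literal `../` misses `..%2F` and `%252e%252e%252f`. The log lines are constructed, and the log format is an assumption about your server.

```python
"""Scan access logs for dzsap_download traversal attempts (added example).

Assumes the Apache/nginx "combined" log format; the sample lines are constructed.
"""
import re
import urllib.parse
from typing import Dict, List, Optional

# combined format: ip ident user [time] "METHOD path PROTO" status bytes "referer" "agent"
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)'
)

# Targets worth flagging even without a '../' (absolute paths, well-known secrets).
SENSITIVE_TARGETS = ("wp-config.php", "/etc/passwd", ".htaccess", ".env")

# Constructed sample: one legitimate download, four attack variants, one unrelated hit.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /?action=dzsap_download&link=audio/intro.mp3 HTTP/1.1" 200 418177 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:12:00:05 +0000] "GET /?action=dzsap_download&link=../../../../wp-config.php HTTP/1.1" 200 3012 "-" "curl/8.0"
198.51.100.23 - - [10/Mar/2024:12:00:06 +0000] "GET /?action=dzsap_download&link=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3012 "-" "curl/8.0"
198.51.100.23 - - [10/Mar/2024:12:00:07 +0000] "GET /?action=dzsap_download&link=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.23 - - [10/Mar/2024:12:00:09 +0000] "GET /?action=dzsap_download&link=/etc/passwd HTTP/1.1" 200 2911 "-" "curl/8.0"
203.0.113.9 - - [10/Mar/2024:12:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
"""


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable, so ..%2F and %252e%252e%252f both become '../'."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_link(link: str) -> Optional[str]:
    """Return 'traversal', 'sensitive-target', or None for a benign link value."""
    decoded = decode_fully(link).replace("\\", "/")  # treat backslashes as separators too
    if ".." in decoded:
        return "traversal"
    lowered = decoded.lower()
    if decoded.startswith("/") or any(t in lowered for t in SENSITIVE_TARGETS):
        return "sensitive-target"
    return None


def analyze_line(line: str) -> Optional[Dict]:
    """Parse one log line; return a finding for a suspicious dzsap_download request."""
    m = _LOG_RE.match(line)
    if not m:
        return None
    query = urllib.parse.urlsplit(m.group("path")).query
    params = urllib.parse.parse_qs(query, keep_blank_values=True)  # decodes one layer
    if "dzsap_download" not in params.get("action", []):
        return None
    link = params.get("link", [""])[0]
    reason = classify_link(link)
    if reason is None:
        return None
    status = int(m.group("status"))
    return {
        "ip": m.group("ip"),
        "time": m.group("time"),
        "link": decode_fully(link),
        "reason": reason,
        "status": status,
        # A 200 means the handler served the file: treat it as successful exfiltration.
        "served": status == 200,
    }


def scan(lines) -> List[Dict]:
    """Run analyze_line over an iterable of log lines and keep the findings."""
    return [finding for finding in (analyze_line(l) for l in lines) if finding]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        flag = "SERVED" if finding["served"] else "blocked"
        print(f"{finding['time']} {finding['ip']} {finding['reason']:<16} {flag:<7} link={finding['link']}")
```

Feed real logs with `scan(open("access.log"))`; any finding with `served` set to true should be treated as a confirmed leak of that file, not merely an attempt.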