ZoomIt — Vulnerabilities & Security Advisories (11)

Browse all 11 CVE security advisories affecting ZoomIt. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ZoomIt is a screen zooming and annotation tool primarily used for presentations and demonstrations. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The application has accumulated 11 CVEs, with several allowing attackers to execute arbitrary code or bypass security controls. Notable incidents include flaws that could enable unauthorized access to system resources and improper input validation leading to XSS attacks. Despite its utility, ZoomIt's security track record indicates potential risks, particularly in environments where untrusted users might interact with the application or where systems lack additional security controls.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-49049 | WordPress DZS Video Gallery plugin <= 12.39 - SQL Injection vulnerability — DZS Video Gallery · CWE-89 | 8.5 | High | 2026-01-22 |
| CVE-2025-28999 | WordPress WooCommerce Shop Page Builder <= 2.27.7 - Cross Site Scripting (XSS) Vulnerability — WooCommerce Shop Page Builder · CWE-79 | 7.1 | High | 2025-08-14 |
| CVE-2025-29014 | WordPress FoodMenu <= 1.20 - Cross Site Scripting (XSS) Vulnerability — FoodMenu · CWE-79 | 7.1 | High | 2025-08-14 |
| CVE-2025-29001 | WordPress WooCommerce Shop Page Builder plugin <= 2.27.7 - Broken Access Control Vulnerability — WooCommerce Shop Page Builder · CWE-862 | 4.3 | Medium | 2025-07-04 |
| CVE-2025-47568 | WordPress ZoomSounds plugin <= 6.91 - PHP Object Injection vulnerability — ZoomSounds · CWE-502 | 9.8 | Critical | 2025-05-23 |
| CVE-2025-3431 | ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download — ZoomSounds - WordPress Wave Audio Player with Playlist · CWE-73 | 7.5 | High | 2025-04-08 |
| CVE-2025-0839 | ZoomSounds <= 6.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — ZoomSounds - WordPress Wave Audio Player with Playlist · CWE-79 | 6.4 | Medium | 2025-04-05 |
| CVE-2024-13776 | ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update and Settings Manipulation — ZoomSounds - WordPress Wave Audio Player with Playlist · CWE-862 | 8.1 | High | 2025-04-05 |
| CVE-2024-13777 | ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object Injection — ZoomSounds - WordPress Wave Audio Player with Playlist · CWE-502 | 8.1 | High | 2025-03-05 |
| CVE-2021-4449 | ZoomSounds <= 5.96 - Unauthenticated Arbitrary File Upload — ZoomSounds - WordPress Wave Audio Player with Playlist · CWE-434 | 9.8 | Critical | 2024-10-16 |
| CVE-2021-39316 | ZoomSounds <= 6.45 Unauthenticated Directory Traversal and Sensitive Information Disclosure — ZoomSounds - WordPress Wave Audio Player with Playlist · CWE-22 | 7.5 | High | 2021-08-31 |

This page lists every published CVE security advisory associated with ZoomIt. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.