{"id":56437,"date":"2025-07-01T15:53:42","date_gmt":"2025-07-01T15:53:42","guid":{"rendered":""},"modified":"2025-08-31T06:31:58","modified_gmt":"2025-08-31T12:31:58","slug":"cve-2021-4457-critical-unauthenticated-arbitrary-file-upload-vulnerability-in-zoomsounds-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2021-4457-critical-unauthenticated-arbitrary-file-upload-vulnerability-in-zoomsounds-plugin\/","title":{"rendered":"CVE-2021-4457: Critical Unauthenticated Arbitrary File Upload Vulnerability in ZoomSounds Plugin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The world of cybersecurity is always on the move, with vulnerabilities cropping up regularly. Recently, a significant security flaw-CVE-2021-4457-has been identified in the ZoomSounds WordPress plugin. This vulnerability is particularly concerning as it can lead<\/a> to potential system compromise or data leakage. Given the popularity of WordPress and the widespread use of plugins, this vulnerability has a broad impact surface and poses a serious<\/a> risk to a large number of websites.
\nZoomSounds, a widely-used audio player plugin, is used by countless websites to add multimedia features. However, versions of the plugin prior to 6.05 contain a critical flaw that allows unauthenticated users to upload arbitrary files<\/a> anywhere on the web server, thus putting the integrity, confidentiality, and availability of the data at risk.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2021-4457
\nSeverity: Critical (9.1 CVSS score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n