CVE-2024-13776
📋 TL;DR
The ZoomSounds WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to modify WordPress option values. This can lead to denial of service by creating site errors or potentially enabling features like user registration. All WordPress sites using ZoomSounds plugin versions up to 6.91 are affected.
💻 Affected Systems
- ZoomSounds - WordPress Wave Audio Player with Playlist
📦 What is this software?
Zoomsounds by Digitalzoomstudio
⚠️ Risk & Real-World Impact
Worst Case
Attackers could disable the entire WordPress site by setting critical options to values that cause fatal errors, creating persistent denial of service for all legitimate users.
Likely Case
Attackers with subscriber accounts modify plugin settings to disrupt audio functionality or enable unwanted features, causing service degradation.
If Mitigated
With proper user role management and network segmentation, impact is limited to minor configuration changes that can be quickly reverted.
🎯 Exploit Status
Exploitation requires authenticated access but uses simple AJAX calls. The vulnerability is well-documented in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 6.91
Vendor Advisory: https://codecanyon.net/item/zoomsounds-wordpress-wave-audio-player-with-playlist/6181433
Restart Required: No
Instructions:
1. Log into WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find ZoomSounds plugin.
4. Click 'Update Now' if update available.
5. If no update available, deactivate and remove plugin immediately.
🔧 Temporary Workarounds
Disable vulnerable AJAX endpoint
Remove or block access to the vulnerable 'dzsap_delete_notice' AJAX action.
Add to theme's functions.php or custom plugin: remove_action('wp_ajax_dzsap_delete_notice', 'dzsap_delete_notice');
(remove_action only takes effect if it runs after the plugin has registered the hook and the callback name matches the one the plugin registered; if the plugin registers the action inside an init callback, hook the removal to init with a later priority. Confirm with a test request from a subscriber account that the action no longer responds.)
Add to .htaccess if using Apache (RewriteRule matches only the URL path, so the action has to be checked in the query string with a RewriteCond):
RewriteCond %{QUERY_STRING} (^|&)action=dzsap_delete_notice(&|$)
RewriteRule ^wp-admin/admin-ajax\.php$ - [F]
This blocks the action only when it is passed in the query string; a POST that carries it in the request body is not visible to mod_rewrite and needs the functions.php approach or a WAF rule that inspects the body.
🧯 If You Can't Patch
- Deactivate and remove the ZoomSounds plugin completely
- Implement strict user role management and audit all subscriber-level accounts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for ZoomSounds version 6.91 or lower
Check Version:
wp plugin list --name=zoomsounds --field=version (if WP-CLI installed)
Verify Fix Applied:
Verify ZoomSounds plugin version is higher than 6.91 or plugin is completely removed
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=dzsap_delete_notice
- Unauthorized option value changes in WordPress database
Network Indicators:
- AJAX calls to dzsap_delete_notice endpoint from non-admin users
SIEM Query:
source="wordpress.log" AND "admin-ajax.php" AND "dzsap_delete_notice"
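The log indicators above can be checked offline with a small parser. This is an added example, not part of the original advisory: it reads combined-format web server log lines (constructed samples, not real traffic), flags requests to admin-ajax.php whose query string carries action=dzsap_delete_notice, and counts hits per client IP. Standard access logs do not record POST bodies, so a request that carries the action only in its body needs a WAF or application-level log to be seen.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# The vulnerable AJAX action named in the advisory.
SUSPICIOUS_ACTION = "dzsap_delete_notice"

# Apache/nginx combined log: ip - user [time] "METHOD target HTTP/x" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def is_dzsap_notice_request(line: str):
    """Return (ip, method, status) when the line is a request to admin-ajax.php
    with the vulnerable action in its query string, otherwise None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    # Decode percent-encoding in the path; parse_qs decodes the query values itself.
    if not unquote(parts.path).endswith("/wp-admin/admin-ajax.php"):
        return None
    if SUSPICIOUS_ACTION not in parse_qs(parts.query).get("action", []):
        return None
    return m["ip"], m["method"], int(m["status"])


def summarize(lines):
    """Count flagged requests per client IP so repeat sources stand out."""
    hits = Counter()
    for line in lines:
        hit = is_dzsap_notice_request(line)
        if hit:
            hits[hit[0]] += 1
    return hits


# Constructed sample log lines for demonstration (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=dzsap_delete_notice HTTP/1.1" 200 12 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=dzsap_delete_notice HTTP/1.1" 200 12 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Jan/2025:10:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jan/2025:10:00:04 +0000] "GET /wp-content/plugins/zoomsounds/player.js HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Jan/2025:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=dzsap%5Fdelete%5Fnotice HTTP/1.1" 200 12 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for ip, n in summarize(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} request(s) to {SUSPICIOUS_ACTION}")
```

Percent-encoded action names (the last sample line) are decoded before matching, so a simple substring search like the SIEM query above would miss what this parser catches.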