What is dzs-zoomsounds/savepng.php?

Created 17th August 2023
Updated 17th August 2023

This request comes from bots scanning for any WordPress installation running the ZoomSounds (dzs-zoomsounds) plugin at a version below 6.05. The exploit was published around June 2021 and has a corresponding Metasploit module.

Those versions contain an unauthenticated arbitrary file upload vulnerability. Put plainly: anyone could send a POST request with a payload to savepng.php and the plugin would save it to disk under a name of the attacker's choosing (note the `location=1877.php` parameter in the request paths below), with no authentication at all. Writing a .php file under the web root is all an attacker needs to plant a web shell.

This is not the plugin's first file-handling bug: CVE-2015-9471 covers an earlier arbitrary file upload, and more recently CVE-2021-39316 covers a directory traversal that allows unauthenticated arbitrary file read (reference 2 below is the public exploit for that one). Given its long and colourful history as an attack vector, I'd advise WordPress owners to find an alternative.

If you're running this plugin, make sure it's updated to 6.05 or later, and check your web root for PHP files you didn't put there. If you know you're not running this plugin, or not running WordPress at all, you're safe to disregard these requests: they are blind scans, not targeted ones.
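The two practical questions this page raises are "did anyone hit savepng.php on my server, and did it look like an upload rather than a probe?" and "is my installed version below 6.05?". The script below is an added example, not code from the original page or from the plugin's authors. It parses combined-format access log lines, flags requests to the savepng.php endpoint (treating a POST whose `location` parameter names an executable extension as an upload attempt), and reads the `Version:` line from a WordPress plugin header to compare against 6.05. The log lines and the plugin header are constructed for the example; the verdict labels and the list of executable extensions are my own choices.

```python
"""Detect ZoomSounds savepng.php scanning in access logs and check the plugin version.

Added example for this page; not the plugin's or the page author's code.
Sample log lines and the plugin header below are constructed, not real traffic.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Version in which the unauthenticated upload was fixed (WPScan: ZoomSounds < 6.05).
FIXED_VERSION = "6.05"

# Apache/nginx combined log format; only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

ENDPOINT = "dzs-zoomsounds/savepng.php"
# Extensions a PHP-enabled server will execute if written under the web root (my list).
EXEC_EXT = (".php", ".phtml", ".phar", ".php5", ".php7")


def parse_version(v):
    """'6.04' -> (6, 4); orders dotted numeric versions the way PHP's version_compare does."""
    return tuple(int(p) for p in v.strip().split("."))


def is_vulnerable_version(v):
    """True when the installed version is below the fixed release."""
    return parse_version(v) < parse_version(FIXED_VERSION)


def plugin_version_from_header(php_source):
    """Read the 'Version:' field from a WordPress plugin header comment; None if absent."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", php_source, re.MULTILINE)
    return m.group(1) if m else None


def classify(entry):
    """Verdict for one parsed request, or None if it does not touch the endpoint."""
    url = urlsplit(entry["target"])
    if not url.path.endswith(ENDPOINT):
        return None
    loc = parse_qs(url.query).get("location", [""])[0]
    if not loc:
        return "probe"  # bare hit: scanner checking whether the path exists
    if entry["method"] == "POST" and loc.lower().endswith(EXEC_EXT):
        # Body carries the payload; 'location' names the file to be written.
        # A 200 means the endpoint answered, so go and look for the file.
        return "upload-attempt-200" if entry["status"] == "200" else "upload-attempt"
    return "suspicious-location"


def scan_log(lines):
    """Return one record per request that hits the savepng.php endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        verdict = classify(entry)
        if verdict:
            hits.append({"ip": entry["ip"], "method": entry["method"],
                         "status": entry["status"], "target": entry["target"],
                         "verdict": verdict})
    return hits


# Constructed sample lines modelled on the request paths listed on this page.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Aug/2023:10:15:01 +0000] "GET /wp-content/plugins/dzs-zoomsounds/savepng.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [17/Aug/2023:10:15:02 +0000] "POST /wp-content/plugins/dzs-zoomsounds/savepng.php?location=1877.php HTTP/1.1" 200 0 "-" "python-requests/2.31"',
    '198.51.100.4 - - [17/Aug/2023:10:16:30 +0000] "POST /wp-content/plugins/dzs-zoomsounds/savepng.php?location=x.php HTTP/1.1" 404 162 "-" "curl/8.1"',
    '192.0.2.9 - - [17/Aug/2023:10:17:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4213 "-" "Mozilla/5.0"',
]

# Constructed plugin header in the standard WordPress layout (version chosen to be vulnerable).
SAMPLE_HEADER = "<?php\n/*\nPlugin Name: ZoomSounds\nVersion: 6.04\n*/\n"

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    installed = plugin_version_from_header(SAMPLE_HEADER)
    print(f"installed {installed}: {'VULNERABLE' if is_vulnerable_version(installed) else 'patched'}")
```

On a live box, feed `scan_log` the real access log and `plugin_version_from_header` the contents of the plugin's main PHP file (the file name varies by plugin, so it is not hard-coded here). Any `upload-attempt-200` record deserves a look for newly created .php files with a matching timestamp, whatever the installed version says.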


References

  1. WPScan Vulnerability Database. (n.d.). ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload. Retrieved August 17th, 2023, from https://wpscan.com/vulnerability/07259a61-8ba9-4dd0-8d52-cc1df389c0ad
  2. Uriel Yochpaz. (2021). WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read (Unauthenticated). Exploit Database. Retrieved August 17th, 2023, from https://www.exploit-db.com/exploits/50753
  3. Uriel Yochpaz. (n.d.). Exploit-WordPress-Plugin-DZS-Zoomsounds [GitHub repository]. https://github.com/UrielYochpaz/Exploit-WordPress-Plugin-DZS-Zoomsounds

Other known request paths

  1. dzs-zoomsounds/savepng.php
  2. /wp-content/plugins/dzs-zoomsounds/savepng.php?location=1877.php