The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.CreditsganjWPScanReferenceshttps://wpscan.com/vulnerability/07259a61-8ba9-4dd0-8d52-cc1df389c0ad
