Amini7

amini7

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Zarinpal Paid Download

zarinpal_paid_download

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-13544 1Amini7 1Zarinpal Paid Download Feb 20, 2025 Feb 11, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed...Show more The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)Show less
CVE-2024-13543 1Amini7 1Zarinpal Paid Download Feb 20, 2025 Feb 11, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privile...Show more The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2024-13544

1Amini7

1Zarinpal Paid Download

Feb 20, 2025

Feb 11, 2025

N/A· v4

4.8 MEDIUM· v3

N/A· v2

The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed...Show more

CVE-2024-13543