CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-13543

The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.1%

CVSS Severity

CVSS v3 Score 6.1

References

https://wpscan.com/vulnerability/04a545c4-75d3-4672-8530-00bb879991ca/

Products affected by CVE-2024-13543

Amini7 » Zarinpal Paid Download » Version: N/A

cpe:2.3:a:amini7:zarinpal_paid_download:-
Amini7 » Zarinpal Paid Download » Version: 1.0

cpe:2.3:a:amini7:zarinpal_paid_download:1.0
Amini7 » Zarinpal Paid Download » Version: 2.3

cpe:2.3:a:amini7:zarinpal_paid_download:2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-13543

Products

Pricing

Contact Us