Amini7 Zarinpal_paid_download
2 CVEs affecting Amini7 Zarinpal_paid_download. Latest disclosed: 2025-02-11. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-13543 | Medium | 6.1 | 2025-02-11 | The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected… |
CVE-2024-13544 | Medium | 4.8 | 2025-02-11 | The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitr… |