4.8
CVE-2024-13544
- EPSS 0.03%
- Veröffentlicht 11.02.2025 06:15:19
- Zuletzt bearbeitet 20.02.2025 16:11:08
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginZarinpal Paid Downloads <= 2.3 - Authenticated (Admin+) Arbitrary File Upload
The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
Mögliche Gegenmaßnahme
Zarinpal Paid Download: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Zarinpal Paid Download
Version
* - 2.3
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Amini7 ≫ Zarinpal Paid Download SwPlatformwordpress Version <= 2.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.06 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.