Lucene search
+L

4 matches found

NVD
NVD
added 2025/02/11 6:15 a.m.8 views

CVE-2024-13544

The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

4.8CVSS0.00321EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/11 6:0 a.m.8 views

CVE-2024-13544 Zarinpal Paid Downloads <= 2.3 - Admin+ Arbitrary File Upload

The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

5.7AI score0.00321EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/02/11 6:0 a.m.14 views

CVE-2024-13544 Zarinpal Paid Downloads <= 2.3 - Admin+ Arbitrary File Upload

The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

0.00321EPSS
Exploits1References1
CVE
CVE
added 2025/02/11 6:0 a.m.47 views

CVE-2024-13544

CVE-2024-13544 affects the Zarinpal Paid Download WordPress plugin (versions up to 2.3). The vulnerability stems from improper validation of uploaded files, enabling high-privilege users (e.g., admins, including in multisite) to upload arbitrary files to the server. Reported risk and impact in co...

4.8CVSS6.1AI score0.00321EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder