VYPR

Zarinpal Paid Downloads

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-22766HigJan 15, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Masoud Amini Zarinpal Paid Download zarinpal-paid-downloads allows Reflected XSS.This issue affects Zarinpal Paid Download: from n/a through <= 2.3.

  • CVE-2024-13543MedFeb 11, 2025
    risk 0.40cvss 6.1epss 0.01

    The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

  • CVE-2024-13544MedFeb 11, 2025
    risk 0.31cvss 4.8epss 0.00

    The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)