cleantalk
Vulnerabilities and Security Researches

Zarinpal Paid Download, CVE-2024-13543

CVE, Research URL

CVE-2024-13543

Home page URL

Security reports for Zarinpal Paid Download

Application

Zarinpal Paid Download

Published on
Feb 11, 2025
Research Description
The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected versions
max 2.3.
Status
vulnerable
Previous vulnerability researches
Paid Downloads (7b8687f1f31900513fbd409159e7db1eb5299096) , Jun 15, 2026
Paid Downloads (da2b9264-2aa3-45b8-8db2-08b3cf0eab43) , Jun 15, 2026
Paid Downloads (68bf60106928ab6c04cb06ee967b5415f05a33b5) , Jun 07, 2024
Paid Downloads (CVE-2025-68857) , Jan 27, 2026
Zarinpal Paid Download (CVE-2024-13543) , Feb 02, 2025
New vulnerability
Cornerstone (CVE-2026-9710) , Jun 26, 2026
Cornerstone (CVE-2026-9709) , Jun 26, 2026
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2026-10833) , Jun 26, 2026
Post Duplicator (CVE-2026-10749) , Jun 26, 2026
Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2026-12937) , Jun 26, 2026