cve/2024/CVE-2024-13544.md

### [CVE-2024-13544](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13544)
![](https://img.shields.io/static/v1?label=Product&message=Zarinpal%20Paid%20Download&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)

### Description

The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

### POC

#### Reference
- https://wpscan.com/vulnerability/91884263-62a7-436e-b19f-682b1aeb37d6/

#### Github
No PoCs found on GitHub currently.
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`### [CVE-2024-13544](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13544)`
			`![](https://img.shields.io/static/v1?label=Product&message=Zarinpal%20Paid%20Download&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)`

			`### Description`

			`The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/91884263-62a7-436e-b19f-682b1aeb37d6/`

			`#### Github`
			`No PoCs found on GitHub currently.`