CVE-2024-13543

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 11, 2025
Updated: Feb 20, 2025
CWE ID 79

Summary

CVE-2024-13543 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Zarinpal Paid Download plugin for WordPress. Versions up to 2.3 are reportedly susceptible to this issue. An attacker can exploit this flaw by injecting malicious code through a parameter that is not properly sanitized or escaped before being rendered on the page. High-privilege users, including admins, are at risk of being targeted by such attacks. Successful exploitation could lead to unauthorized access, data theft, or even complete takeover of the affected WordPress site.
