Zarinpal Paid Download WordPress Plugin Arbitrary File Upload Vulnerability

Vulnerability

A vulnerability exists in the Zarinpal Paid Download WordPress plugin, affecting versions through 2.3, due to improper validation of uploaded files. This flaw allows high-privilege users, such as administrators, to upload arbitrary files to the server, even in scenarios where such actions should be restricted, like in a multisite setup.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads on the server, potentially allowing for further attacks such as executing uploaded malicious files or causing a denial-of-service.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.0

exploitability

6.3

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.0

exploitability

6.3

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Zarinpal Paid Download WordPress Plugin Arbitrary File Upload Vulnerability

Vulnerability

Impact

Affected Products

Zarinpal Paid Download

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating