The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file.
History

Wed, 21 May 2025 20:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-09-26T12:35:29.000Z

Updated: 2025-05-21T19:27:31.158Z

Reserved: 2021-01-14T00:00:00.000Z

Link: CVE-2021-24890

Vulnrichment

Updated: 2024-08-03T19:49:14.364Z

NVD

Status: Modified

Published: 2022-09-26T13:15:09.820

Modified: 2025-05-21T20:15:25.063

Link: CVE-2021-24890

Redhat

No data.