The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file
Metrics
Affected Vendors & Products
References
History
Wed, 21 May 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: WPScan
Published: 2022-09-26T12:35:29.000Z
Updated: 2025-05-21T19:27:31.158Z
Reserved: 2021-01-14T00:00:00.000Z
Link: CVE-2021-24890

Updated: 2024-08-03T19:49:14.364Z

Status : Modified
Published: 2022-09-26T13:15:09.820
Modified: 2025-05-21T20:15:25.063
Link: CVE-2021-24890

No data.