Back to search
CVE-2021-24890
Published: Sep 26, 2022
Modified: May 21, 2025
PUBLISHED
Description
The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file
| Vendor | Product | Versions |
|---|---|---|
Unknown | scripts-organizer | affected 3.0 - < 3.0 |
References
https://wpscan.com/vulnerability/f3b450d2-84ce-4c13-ad6a-b60785dee7e7
x_refsource_CONFIRM
https://dplugins.com/products/scripts-organizer/
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now