Vulnerability Description
The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dplugins | Scripts Organizer | < 3.0 |
Related Weaknesses (CWE)
References
- https://dplugins.com/products/scripts-organizer/Product
- https://wpscan.com/vulnerability/f3b450d2-84ce-4c13-ad6a-b60785dee7e7ExploitPatchThird Party Advisory
- https://dplugins.com/products/scripts-organizer/Product
- https://wpscan.com/vulnerability/f3b450d2-84ce-4c13-ad6a-b60785dee7e7ExploitPatchThird Party Advisory
FAQ
What is CVE-2021-24890?
CVE-2021-24890 is a vulnerability with a CVSS score of 8.8 (HIGH). The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not valida...
How severe is CVE-2021-24890?
CVE-2021-24890 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24890?
Check the references section above for vendor advisories and patch information. Affected products include: Dplugins Scripts Organizer.