Unrated severityNVD Advisory· Published Sep 26, 2022· Updated May 21, 2025
Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload
CVE-2021-24890
Description
The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Scripts Organizerdescription
- Range: <3.0
Patches
Vulnerability mechanics
References
2- dplugins.com/products/scripts-organizer/mitrex_refsource_MISC
- wpscan.com/vulnerability/f3b450d2-84ce-4c13-ad6a-b60785dee7e7mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.