CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24890

The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.6%

CVSS Severity

CVSS v3 Score 8.8

References

https://dplugins.com/products/scripts-organizer/
https://wpscan.com/vulnerability/f3b450d2-84ce-4c13-ad6a-b60785dee7e7
https://dplugins.com/products/scripts-organizer/
https://wpscan.com/vulnerability/f3b450d2-84ce-4c13-ad6a-b60785dee7e7

Products affected by CVE-2021-24890

Dplugins » Scripts Organizer » Version: Any

cpe:2.3:a:dplugins:scripts_organizer:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24890

Products

Pricing

Contact Us