History: Sep 26, 2022 - 12:35 p.m.

CVE-2021-24890 Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload

2022-09-26 12:35:29
CWE-862
CWE-352
WPScan
www.cve.org
wordpress plugin
unauthenticated
arbitrary file upload
csrf checks

AI Score: 8.9

Confidence: High

EPSS: 0.001

Percentile: 40.8%

The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, which is available to both unauthenticated and authenticated users, and does not validate user input in any way. This could allow unauthenticated users to put arbitrary PHP code in a file.

CNA Affected

[
  {
    "product": "scripts-organizer",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.0",
        "status": "affected",
        "version": "3.0",
        "versionType": "custom"
      }
    ]
  }
]
