8 matches found
CVE-2021-24890
The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a...
CVE-2021-24890
The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a...
CVE-2021-24890
The CVE-2021-24890 entry concerns the WordPress Scripts Organizer plugin (pre-3.0). The vulnerability is due to missing capability/CSRF checks in the saveScript AJAX action and lack of input validation, making it possible for unauthenticated users to upload arbitrary PHP code via the affected end...
WordPress plugin Scripts Organizer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An arbitrary file upload...
PT-2022-9492 · WordPress · Scripts Organizer
Name of the Vulnerable Software and Affected Versions: Scripts Organizer WordPress plugin versions prior to 3.0. Description: The issue concerns the lack of capability and CSRF checks in the saveScript AJAX action, which is accessible to both unauthenticated and authenticated users. Additionally,...
Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload
The plugin does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file. POST /wp-admin/admin-ajax.php...
WordPress Scripts Organizer premium plugin < 3.0 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Ovidiu Maghetiu in WordPress Scripts Organizer premium plugin versions < 3.0. Solution: Update the WordPress Scripts Organizer plugin to the latest available version, at least 3.0...
Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload
The plugin does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file. PoC: POST /wp-admin/admin-ajax.php...