CVE-2021-24890

Name of the Vulnerable Software and Affected Versions Scripts Organizer WordPress plugin versions prior to 3.0

Description The issue concerns the lack of capability and CSRF checks in the saveScript AJAX action, which is accessible to both unauthenticated and authenticated users. Additionally, the plugin does not validate user input, potentially allowing unauthenticated users to insert arbitrary PHP code into a file.

Recommendations For versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, consider disabling the saveScript AJAX action until a patch is available. Restrict access to the Scripts Organizer WordPress plugin to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.