
CVE-2021-24890: CWE-862 Missing Authorization in Unknown scripts-organizer

Severity: High
Tags: CVE-2021-24890, CWE-862, CWE-352
Published: Mon Sep 26 2022 (09/26/2022, 12:35:29 UTC)
Source: CVE
Vendor/Project: Unknown
Product: scripts-organizer

Description

The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file

AI-Powered Analysis

Last updated: 07/07/2025, 12:54:53 UTC

Technical Analysis

CVE-2021-24890 is a high-severity vulnerability affecting the Scripts Organizer WordPress plugin versions prior to 3.0. The vulnerability arises from missing authorization and Cross-Site Request Forgery (CSRF) protections in the saveScript AJAX action. This action is accessible to both unauthenticated and authenticated users without any capability checks or input validation. As a result, an attacker can exploit this flaw to inject arbitrary PHP code into files managed by the plugin. This injection capability effectively allows remote code execution (RCE) on the affected WordPress site. The vulnerability is categorized under CWE-862 (Missing Authorization) and CWE-352 (Cross-Site Request Forgery), indicating that the plugin fails to verify user permissions and does not protect against forged requests. The CVSS v3.1 base score is 8.8, reflecting the critical impact on confidentiality, integrity, and availability, combined with the ease of exploitation since no authentication is required and the attack vector is network-based. Although no known exploits are reported in the wild, the vulnerability poses a significant risk due to the potential for attackers to execute arbitrary PHP code, which could lead to full site compromise, data theft, defacement, or pivoting to other internal systems.
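As an added illustration, not code from the Scripts Organizer plugin or its vendor, the following WordPress AJAX handler shows the three controls the advisory says saveScript lacked: a CSRF nonce check, a capability check, and input validation. The hook name, nonce action, option key and the `manage_options` capability are assumptions; storing the script in an option instead of writing a PHP file is also an assumption chosen to keep the example self-contained.

```php
<?php
// Added example (not the plugin's own code): an admin-ajax action guarded the
// way the advisory implies saveScript should have been. Names are assumptions.

add_action( 'wp_ajax_example_save_script', 'example_save_script' );
// Deliberately no 'wp_ajax_nopriv_example_save_script' registration: the
// action is never reachable by logged-out visitors.

function example_save_script() {
    // 1. CSRF protection: the request must carry a nonce bound to this action
    //    and to the current user's session. check_ajax_referer() ends the
    //    request with HTTP 403 if the nonce is missing, stale or forged.
    check_ajax_referer( 'example_save_script', 'nonce' );

    // 2. Authorization: being logged in is not enough; only users who may
    //    administer the site are allowed to store executable code.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }

    // 3. Input validation: constrain the script name to a safe character set
    //    (no path separators, no dots) and bound the size of the body.
    $name = isset( $_POST['name'] ) ? sanitize_file_name( wp_unslash( $_POST['name'] ) ) : '';
    if ( '' === $name || ! preg_match( '/^[a-z0-9_-]{1,64}$/', $name ) ) {
        wp_send_json_error( array( 'message' => 'invalid script name' ), 400 );
    }
    $code = isset( $_POST['code'] ) ? wp_unslash( $_POST['code'] ) : '';
    if ( strlen( $code ) > 65536 ) {
        wp_send_json_error( array( 'message' => 'script too large' ), 413 );
    }

    // Persist in the options table (assumed storage) rather than writing a
    // .php file under the web root; the checks above are the point.
    $scripts          = get_option( 'example_scripts', array() );
    $scripts[ $name ] = $code;
    update_option( 'example_scripts', $scripts, false );

    wp_send_json_success( array( 'saved' => $name ) );
}
```

The matching front-end request must include the nonce generated with `wp_create_nonce( 'example_save_script' )` in the `nonce` field, otherwise the handler rejects it before any other code runs.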

Potential Impact

For European organizations using WordPress with the vulnerable Scripts Organizer plugin, this vulnerability could lead to severe consequences. Successful exploitation could result in unauthorized access to sensitive data, defacement of websites, or use of compromised servers as a foothold for further attacks within the corporate network. Given the widespread use of WordPress in Europe for corporate, governmental, and e-commerce websites, the risk is substantial. Attackers could leverage this vulnerability to disrupt business operations, damage brand reputation, or steal confidential information. Additionally, organizations subject to GDPR and other data protection regulations could face legal and financial penalties if personal data is compromised due to exploitation of this vulnerability.

Mitigation Recommendations

European organizations should immediately verify if the Scripts Organizer plugin is installed and identify the version in use. If the plugin version is prior to 3.0, it is critical to upgrade to version 3.0 or later where the vulnerability is addressed. If an upgrade is not immediately possible, organizations should disable or remove the plugin to eliminate the attack surface. Additionally, web application firewalls (WAFs) can be configured to block suspicious AJAX requests targeting the saveScript action. Monitoring web server logs for unusual POST requests to the plugin’s AJAX endpoints can help detect exploitation attempts. Implementing strict file permission policies to prevent unauthorized PHP file modifications and conducting regular security audits of WordPress installations are also recommended. Finally, organizations should ensure that all WordPress plugins and core installations are kept up to date to reduce exposure to similar vulnerabilities.


Technical Details

Data Version: 5.1
Assigner Short Name: WPScan
Date Reserved: 2021-01-14T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682e44190acd01a24924ee95

Added to database: 5/21/2025, 9:22:33 PM

Last enriched: 7/7/2025, 12:54:53 PM

Last updated: 7/28/2025, 10:10:17 AM
