CVE-2021-24684

October 22, 2021

The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript.

Summary:

The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript.

Reference Links(if available):

  • https://wpscan.com/vulnerability/b5295bf9-8cf6-416e-b215-074742a5fc63

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:S/C:C/I:C/A:C

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    CISA Logo

    CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    April 18, 2024
    CISA Logo

    CISA: CISA Issues Emergency Directive 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System

    April 18, 2024
    CISA Logo

    CISA: CISA Releases Nine Industrial Control Systems Advisories

    April 18, 2024
    CISA Logo

    CISA: Compromise of Sisense Customer Data

    April 18, 2024
    CISA Logo

    CISA: CISA Adds One Known Exploited Vulnerability to Catalog

    April 18, 2024