Description
WordPress Plugin WordPress Backend Customizer-Everest Admin Theme Lite [only if downloaded via the vendor website] contains suspicious code. Attackers can exploit this issue to perform a variety of actions. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin WordPress Backend Customizer-Everest Admin Theme Lite version 1.0.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.0.8 or latest
References
Related Vulnerabilities
Apache Tomcat Other Vulnerability (CVE-2001-0590)
WordPress Plugin BJ Lazy Load Remote Code Execution (0.7.5)
WordPress Plugin YITH WooCommerce Product Bundles Security Bypass (1.1.15)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2153)
Apache HTTP Server Out-of-bounds Read Vulnerability (CVE-2018-1303)