Description
WordPress Plugin WordPress PDF Light Viewer is prone to a command injection vulnerability because it fails to properly validate user-supplied input. An attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application. WordPress Plugin WordPress PDF Light Viewer version 1.4.11 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.4.12 or latest
References
Related Vulnerabilities
Oracle JRE CVE-2013-2446 Vulnerability (CVE-2013-2446)
WordPress Plugin GorillaForms-Custom Contact Forms Unspecified Vulnerability (2.0.3)
WordPress Plugin FireStats Arbitrary File Download (1.6.5)
Oracle JRE CVE-2011-3546 Vulnerability (CVE-2011-3546)
Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2019-14888)