Description
WordPress Plugin WordPress PDF Light Viewer is prone to a command injection vulnerability because it fails to properly validate user-supplied input. An attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application. WordPress Plugin WordPress PDF Light Viewer version 1.4.11 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.4.12 or latest
References
Related Vulnerabilities
phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-0792)
WordPress Plugin bbPress Multiple Vulnerabilities (2.6.4)
WordPress Plugin College publisher Import Arbitrary File Upload (0.1)
TYPO3 Files or Directories Accessible to External Parties Vulnerability (CVE-2021-21355)
Jenkins Incorrect Authorization Vulnerability (CVE-2021-21692)