2 matches found
CVE-2021-24684
The CVE applies to the WordPress PDF Light Viewer Plugin for WordPress, affected in versions prior to 1.4.12. The root cause is an OS Command Injection via Ghostscript, exploitable by users with Author roles, enabling arbitrary command execution on the server. Impact is high (remote execution, se...
CVE-2021-24684 PDF Light Viewer < 1.4.12 - Authenticated Command Injection
The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript...