CVE-2021-24684

CVE-2021-24684: PDF Light Viewer < 1.4.12 - Authenticated Command Injection

Vendor Unknown
Product WordPress PDF Light Viewer Plugin
Weakness CWE-78
Published October 18, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript.

Key dates

02Disclosure timeline

October 18, 2021 CVE published
August 3, 2024 Record updated