CVE-2021-24684
HIGHWordPress PDF Light Viewer <1.4.12 - Command Injection
Title source: llmDescription
The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/b5295bf9-8cf6-416e-b215-074742a5fc63
Scores
CVSS v3
8.8
EPSS
0.0427
EPSS Percentile
89.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
teamlead/pdf-light-viewer
< 1.4.12
Published
Oct 18, 2021
Tracked Since
Feb 18, 2026