Description
WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup is prone to multiple vulnerabilities, including arbitrary file download and arbitrary code execution vulnerabilities. Exploiting these issues could allow an attacker to gain access to sensitive information, which may aid in launching further attacks, to execute arbitrary commands with the privileges of the user running the application, to compromise the application or the underlying database, to access or modify data or to compromise a vulnerable system. WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup version 4.11.33 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.11.37 or latest