Description
WordPress Plugin WordPress Backend Customizer-Everest Admin Theme Lite [only if downloaded via the vendor website] contains suspicious code. Attackers can exploit this issue to perform a variety of actions. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin WordPress Backend Customizer-Everest Admin Theme Lite version 1.0.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.0.8 or latest
References
Related Vulnerabilities
WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.14)
WordPress Plugin Hide Featured Image Unspecified Vulnerability (1.1)
WeBid Other Vulnerability (CVE-2014-5114)
WordPress Plugin JSON Content Importer Cross-Site Scripting (1.3.15)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4289)