CVE-2021-24759

Name of the Vulnerable Software and Affected Versions: PDF.js Viewer WordPress plugin versions prior to 2.0.2

Description: The issue concerns the PDF.js Viewer WordPress plugin, where certain shortcode and Gutenberg Block attributes are not properly escaped. This could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

Recommendations: For versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of shortcodes and Gutenberg Blocks to minimize the risk of exploitation.