CVE-2024-6486

Name of the Vulnerable Software and Affected Versions: ImageMagick Engine WordPress plugin versions prior to 1.7.11

Description: The issue allows authenticated attackers with administrator-level permission to execute arbitrary OS commands on the server, leading to remote code execution. This is achieved through OS Command Injection via the cli path parameter.

Recommendations: For versions prior to 1.7.11, update to version 1.7.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the cli path parameter to minimize the risk of exploitation.