Vulnerabilities > Jpress

DATE CVE VULNERABILITY TITLE RISK
2024-08-29 CVE-2024-8304 Path Traversal vulnerability in Jpress
A vulnerability has been found in jpress up to 5.1.1 and classified as critical.
network
low complexity
jpress CWE-22
4.9
4.9
2022-02-04 CVE-2022-23330 Unspecified vulnerability in Jpress 4.2.0
A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package.
network
low complexity
jpress
8.8
8.8
2022-01-26 CVE-2021-46114 Code Injection vulnerability in Jpress 4.2.0
jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail.
network
low complexity
jpress CWE-94
8.8
8.8
2022-01-26 CVE-2021-46115 Unrestricted Upload of File with Dangerous Type vulnerability in Jpress 4.2.0
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile.
network
low complexity
jpress CWE-434
7.2
7.2
2022-01-26 CVE-2021-46116 Unrestricted Upload of File with Dangerous Type vulnerability in Jpress 4.2.0
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall.
network
low complexity
jpress CWE-434
7.2
7.2
2022-01-26 CVE-2021-46118 Code Injection vulnerability in Jpress 4.2.0
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail.
network
low complexity
jpress CWE-94
7.2
7.2
2022-01-26 CVE-2021-46117 Code Injection vulnerability in Jpress 4.2.0
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail.
network
low complexity
jpress CWE-94
7.2
7.2
2022-01-19 CVE-2021-45808 Unrestricted Upload of File with Dangerous Type vulnerability in Jpress 4.2.0
jpress v4.2.0 allows users to register an account by default.
network
low complexity
jpress CWE-434
8.8
8.8
2022-01-13 CVE-2021-45807 Unspecified vulnerability in Jpress 4.2.0
jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.
network
low complexity
jpress
critical
 9.8
9.8
2022-01-13 CVE-2021-45806 Code Injection vulnerability in Jpress 4.2.0
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.
network
low complexity
jpress CWE-94
8.8
8.8