Vulnerabilities > Jpress

DATE CVE VULNERABILITY TITLE RISK
2022-02-04 CVE-2022-23330 Unspecified vulnerability in Jpress 4.2.0
A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package.
network
low complexity
jpress
6.5
2022-01-26 CVE-2021-46114 Code Injection vulnerability in Jpress 4.2.0
jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail.
network
low complexity
jpress CWE-94
6.5
2022-01-26 CVE-2021-46115 Unrestricted Upload of File with Dangerous Type vulnerability in Jpress 4.2.0
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile.
network
low complexity
jpress CWE-434
6.5
2022-01-26 CVE-2021-46116 Unrestricted Upload of File with Dangerous Type vulnerability in Jpress 4.2.0
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall.
network
low complexity
jpress CWE-434
6.5
2022-01-26 CVE-2021-46118 Code Injection vulnerability in Jpress 4.2.0
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail.
network
low complexity
jpress CWE-94
6.5
2022-01-26 CVE-2021-46117 Code Injection vulnerability in Jpress 4.2.0
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail.
network
low complexity
jpress CWE-94
6.5
2022-01-19 CVE-2021-45808 Unrestricted Upload of File with Dangerous Type vulnerability in Jpress 4.2.0
jpress v4.2.0 allows users to register an account by default.
network
low complexity
jpress CWE-434
6.5
2022-01-13 CVE-2021-45807 Unspecified vulnerability in Jpress 4.2.0
jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.
network
low complexity
jpress
critical
9.8
2022-01-13 CVE-2021-45806 Code Injection vulnerability in Jpress 4.2.0
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.
network
low complexity
jpress CWE-94
6.5
2021-06-18 CVE-2021-33347 Cross-site Scripting vulnerability in Jpress 1.0/1.0.4
An issue was discovered in JPress v3.3.0 and below.
network
jpress CWE-79
3.5