Vulnerabilities > Jpress > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-29 | CVE-2024-8304 | Path Traversal vulnerability in Jpress A vulnerability has been found in jpress up to 5.1.1 and classified as critical. | 4.9 |
| 2022-02-04 | CVE-2022-23330 | Unspecified vulnerability in Jpress 4.2.0 A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package. | 6.5 |
| 2022-01-26 | CVE-2021-46114 | Code Injection vulnerability in Jpress 4.2.0 jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. | 6.5 |
| 2022-01-26 | CVE-2021-46115 | Unrestricted Upload of File with Dangerous Type vulnerability in Jpress 4.2.0 jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. | 6.5 |
| 2022-01-26 | CVE-2021-46116 | Unrestricted Upload of File with Dangerous Type vulnerability in Jpress 4.2.0 jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. | 6.5 |
| 2022-01-26 | CVE-2021-46118 | Code Injection vulnerability in Jpress 4.2.0 jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. | 6.5 |
| 2022-01-26 | CVE-2021-46117 | Code Injection vulnerability in Jpress 4.2.0 jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. | 6.5 |
| 2022-01-19 | CVE-2021-45808 | Unrestricted Upload of File with Dangerous Type vulnerability in Jpress 4.2.0 jpress v4.2.0 allows users to register an account by default. | 6.5 |
| 2022-01-13 | CVE-2021-45806 | Code Injection vulnerability in Jpress 4.2.0 jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code. | 6.5 |