Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jpress jpress vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-32358
An issue in Jpress v.5.1.0 allows a remote malicious user to execute arbitrary code via a crafted script to the custom plug-in module function.
8.8
CVSSv3
CVE-2022-23330
A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows malicious users to execute arbitrary code via a crafted JAR package.
Jpress Jpress 4.2.0
8.8
CVSSv3
CVE-2021-46114
jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
Jpress Jpress 4.2.0
7.2
CVSSv3
CVE-2021-46115
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code.
Jpress Jpress 4.2.0
7.2
CVSSv3
CVE-2021-46116
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code.
Jpress Jpress 4.2.0
7.2
CVSSv3
CVE-2021-46118
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
Jpress Jpress 4.2.0
7.2
CVSSv3
CVE-2021-46117
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
Jpress Jpress 4.2.0
8.8
CVSSv3
CVE-2021-45808
jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server.
Jpress Jpress 4.2.0
9.8
CVSSv3
CVE-2021-45807
jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.
Jpress Jpress 4.2.0
8.8
CVSSv3
CVE-2021-45806
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.
Jpress Jpress 4.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »