An issue in Jpress v.5.1.0 allows a remote malicious user to execute arbitrary code via a crafted script to the custom plug-in module function.