Jpress: community verdicts
8 notable / known-exploited Jpress CVEs the community has triaged.
- CVE-2021-46117HIGH 7.2Real · low riskEPSS 3%
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
- CVE-2021-46118HIGH 7.2Real · low riskEPSS 3%
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
- CVE-2021-45807CRIT 9.8Real · low riskEPSS 3%
jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.
- CVE-2021-46116HIGH 7.2Real · low riskEPSS 3%
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code.
- CVE-2021-45806HIGH 8.8Real · low riskEPSS 2%
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.
- CVE-2021-46114HIGH 8.8Real · low riskEPSS 2%
jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
- CVE-2021-45808HIGH 8.8Real · low riskEPSS 2%
jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server.
- CVE-2021-46115HIGH 7.2Real · low riskEPSS 1%
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code.