jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
Jpress
NVD
GitHub
VulDB
CVSS 3.1
9.8
EPSS
2.6%