jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
Metrics
Affected Vendors & Products
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published: 2022-01-26T18:50:02.000Z
Updated: 2026-07-09T00:16:28.929Z
Reserved: 2022-01-03T00:00:00.000Z
Link: CVE-2021-46114
No data.
Status : Modified
Published: 2022-01-26T19:15:08.290
Modified: 2026-06-17T04:14:33.570
Link: CVE-2021-46114
No data.