Unrestricted Account Registration and Arbitrary File Upload Vulnerability in jPress v4.2.0

Unrestricted Account Registration and Arbitrary File Upload Vulnerability in jPress v4.2.0

CVE-2021-45808 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server.

Learn more about our Cis Benchmark Audit For Server Software.