Ppress

ppress

Vendor: Yandaozi • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-54815 1Yandaozi 1Ppress Sep 25, 2025 Sep 19, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes.
CVE-2025-54761 1Yandaozi 1Ppress Sep 25, 2025 Sep 19, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie.
CVE-2025-52159 1Yandaozi 1Ppress Sep 25, 2025 Sep 19, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Hardcoded credentials in default configuration of PPress 0.0.9.
CVE-2025-25973 1Yandaozi 1Ppress Sep 23, 2025 Feb 20, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and a...Show more A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters.Show less