LOW
JPress Projects
CVE published 2026-05-24
CVE-2026-9376
A low-severity improper authorization vulnerability exists in JPress versions up to 1.0.3. The affected endpoint is `/ucenter/article/doWriteSave` in the UCenter Article Submission component. Manipulation of the `id` or `userId` parameters can lead to unauthorized actions. The vulnerability is remotely exploitable, and proof-of-concept exploit details have been publicly disclosed. The project maintainers [truncated]