We have received a proof-of-concept (PoC) for a remote code execution (RCE) vulnerability affecting the WP Manager interface in the OpenPanel UI, which is exploitable only by a logged‑in OpenPanel account.
This issue has been addressed in the 1.7.1 update.
Details of the vulnerability will be publicly disclosed in this thread at least 30 days after the release to allow users adequate time to apply the update.
Users are strongly advised to update to version 1.7.1 as soon as possible to mitigate potential risks.