Vulnerabilities > Textpattern

DATE CVE VULNERABILITY TITLE RISK
2023-12-28 CVE-2023-50038 Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.8.8
There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions.
network
low complexity
textpattern CWE-434
8.8
2023-08-07 CVE-2023-36220 Path Traversal vulnerability in Textpattern 4.8.8
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.
network
low complexity
textpattern CWE-22
7.2
2023-04-28 CVE-2023-24269 Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.8.8
An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file.
network
low complexity
textpattern CWE-434
8.8
2023-04-12 CVE-2023-26852 Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
network
low complexity
textpattern CWE-434
7.2
2022-06-29 CVE-2021-40642 Missing Encryption of Sensitive Data vulnerability in Textpattern
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php.
network
low complexity
textpattern CWE-311
4.3
2022-06-14 CVE-2021-40658 Cross-site Scripting vulnerability in Textpattern 4.8.7
Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”.
network
low complexity
textpattern CWE-79
4.8
2022-03-29 CVE-2021-44082 Cross-site Scripting vulnerability in Textpattern 4.8.7
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body.
network
high complexity
textpattern CWE-79
5.1
2021-08-19 CVE-2021-28001 Cross-site Scripting vulnerability in Textpattern 4.8.4
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field.
3.5
2021-08-19 CVE-2021-28002 Cross-site Scripting vulnerability in Textpattern 4.9.0
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field.
3.5
2021-07-26 CVE-2020-23239 Cross-site Scripting vulnerability in Textpattern 4.8.1
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
3.5