Vulnerabilities > Textpattern
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-28 | CVE-2023-24269 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.8.8 An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file. | 8.8 |
| 2023-04-12 | CVE-2023-26852 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. | 7.2 |
| 2022-06-29 | CVE-2021-40642 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Textpattern Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. | 4.3 |
| 2022-06-14 | CVE-2021-40658 | Injection vulnerability in Textpattern 4.8.7 Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”. | 3.5 |
| 2022-03-29 | CVE-2021-44082 | Cross-site Scripting vulnerability in Textpattern 4.8.7 textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. | 5.1 |
| 2021-08-19 | CVE-2021-28001 | Cross-site Scripting vulnerability in Textpattern 4.8.4 A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. | 3.5 |
| 2021-08-19 | CVE-2021-28002 | Cross-site Scripting vulnerability in Textpattern 4.9.0 A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. | 3.5 |
| 2021-07-26 | CVE-2020-23239 | Cross-site Scripting vulnerability in Textpattern 4.8.1 Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature. | 3.5 |
| 2021-06-21 | CVE-2020-19510 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.7.3 Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php. | 7.5 |
| 2021-04-15 | CVE-2021-30209 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.8.4 Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. | 4.0 |