Vulnerabilities > Textpattern

DATE CVE VULNERABILITY TITLE RISK
2021-08-19 CVE-2021-28001 Cross-site Scripting vulnerability in Textpattern 4.8.4
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field.
3.5
2021-08-19 CVE-2021-28002 Cross-site Scripting vulnerability in Textpattern 4.9.0
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field.
3.5
2021-07-26 CVE-2020-23239 Cross-site Scripting vulnerability in Textpattern 4.8.1
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
3.5
2021-06-21 CVE-2020-19510 Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.7.3
Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php.
network
low complexity
textpattern CWE-434
7.5
2021-04-15 CVE-2021-30209 Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.8.4
Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions.
network
low complexity
textpattern CWE-434
4.0
2021-01-26 CVE-2020-35854 Cross-site Scripting vulnerability in Textpattern 4.8.4
Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.
3.5
2020-12-02 CVE-2020-29458 Cross-Site Request Forgery (CSRF) vulnerability in Textpattern 4.6.2
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
6.8
2020-08-14 CVE-2015-8033 Weak Password Requirements vulnerability in Textpattern 4.5.7
In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account.
network
low complexity
textpattern CWE-521
5.0
2020-08-14 CVE-2015-8032 Improper Privilege Management vulnerability in Textpattern 4.5.7
In Textpattern 4.5.7, an unprivileged author can change an article's markup setting.
network
low complexity
textpattern CWE-269
5.0
2018-03-14 CVE-2018-7474 SQL Injection vulnerability in Textpattern
An issue was discovered in Textpattern CMS 4.6.2 and earlier.
network
low complexity
textpattern CWE-89
7.5