Vulnerabilities > Textpattern
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-21 | CVE-2020-19510 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.7.3. Textpattern 4.7.3 contains an arbitrary file load via the file_insert function in include/txp_file.php. | 9.8 |
2021-04-15 | CVE-2021-30209 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.8.4. Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. | 6.5 |
2021-01-26 | CVE-2020-35854 | Cross-site Scripting vulnerability in Textpattern 4.8.4. Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. | 4.8 |
2020-12-02 | CVE-2020-29458 | Cross-Site Request Forgery (CSRF) vulnerability in Textpattern 4.6.2. Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. | 8.8 |
2020-08-14 | CVE-2015-8033 | Weak Password Requirements vulnerability in Textpattern 4.5.7. In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. | 5.3 |
2020-08-14 | CVE-2015-8032 | Improper Privilege Management vulnerability in Textpattern 4.5.7. In Textpattern 4.5.7, an unprivileged author can change an article's markup setting. | 5.3 |
2018-03-14 | CVE-2018-7474 | SQL Injection vulnerability in Textpattern. An issue was discovered in Textpattern CMS 4.6.2 and earlier. | 9.8 |
2018-03-13 | CVE-2018-1000090 | XXE vulnerability in Textpattern 4.6.2. Textpattern version 4.6.2 contains an XML Injection vulnerability in the Import XML feature that can result in denial of service in the context of the web server by exhausting server memory resources. | 7.5 |