Vulnerabilities > Textpattern
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-21 | CVE-2020-19510 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.7.3 Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php. | 7.5 |
2021-04-15 | CVE-2021-30209 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.8.4 Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. | 4.0 |
2021-01-26 | CVE-2020-35854 | Cross-site Scripting vulnerability in Textpattern 4.8.4 Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. | 3.5 |
2020-12-02 | CVE-2020-29458 | Cross-Site Request Forgery (CSRF) vulnerability in Textpattern 4.6.2 Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. | 6.8 |
2020-08-14 | CVE-2015-8033 | Weak Password Requirements vulnerability in Textpattern 4.5.7 In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. | 5.0 |
2020-08-14 | CVE-2015-8032 | Improper Privilege Management vulnerability in Textpattern 4.5.7 In Textpattern 4.5.7, an unprivileged author can change an article's markup setting. | 5.0 |
2018-03-14 | CVE-2018-7474 | SQL Injection vulnerability in Textpattern An issue was discovered in Textpattern CMS 4.6.2 and earlier. | 7.5 |
2018-03-13 | CVE-2018-1000090 | XXE vulnerability in Textpattern 4.6.2 textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. | 7.8 |
2014-10-10 | CVE-2014-4737 | Cross-Site Scripting vulnerability in Textpattern Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php. | 4.3 |
2012-01-05 | CVE-2011-5019 | Cross-Site Scripting vulnerability in Textpattern 4.4.1 Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter. | 4.3 |