Vulnerabilities > Textpattern

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-21	CVE-2020-19510	Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.7.3 Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php. network low complexity textpattern CWE-434	7.5
2021-04-15	CVE-2021-30209	Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.8.4 Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. network low complexity textpattern CWE-434	4.0
2021-01-26	CVE-2020-35854	Cross-site Scripting vulnerability in Textpattern 4.8.4 Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. network textpattern CWE-79	3.5
2020-12-02	CVE-2020-29458	Cross-Site Request Forgery (CSRF) vulnerability in Textpattern 4.6.2 Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. network textpattern CWE-352	6.8
2020-08-14	CVE-2015-8033	Weak Password Requirements vulnerability in Textpattern 4.5.7 In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. network low complexity textpattern CWE-521	5.0
2020-08-14	CVE-2015-8032	Improper Privilege Management vulnerability in Textpattern 4.5.7 In Textpattern 4.5.7, an unprivileged author can change an article's markup setting. network low complexity textpattern CWE-269	5.0
2018-03-14	CVE-2018-7474	SQL Injection vulnerability in Textpattern An issue was discovered in Textpattern CMS 4.6.2 and earlier. network low complexity textpattern CWE-89	7.5
2018-03-13	CVE-2018-1000090	XXE vulnerability in Textpattern 4.6.2 textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. network low complexity textpattern CWE-611	7.8
2014-10-10	CVE-2014-4737	Cross-Site Scripting vulnerability in Textpattern Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php. network textpattern CWE-79	4.3
2012-01-05	CVE-2011-5019	Cross-Site Scripting vulnerability in Textpattern 4.4.1 Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter. network textpattern CWE-79	4.3

Vulnerabilities > Textpattern {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Textpattern"}]}

Vulnerabilities > Textpattern