Vulnerabilities > Textpattern > Textpattern > 4.6.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-12 | CVE-2023-26852 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. | 7.2 |
| 2022-06-29 | CVE-2021-40642 | Missing Encryption of Sensitive Data vulnerability in Textpattern Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. | 4.3 |
| 2020-12-02 | CVE-2020-29458 | Cross-Site Request Forgery (CSRF) vulnerability in Textpattern 4.6.2 Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. | 6.8 |
| 2018-03-14 | CVE-2018-7474 | SQL Injection vulnerability in Textpattern An issue was discovered in Textpattern CMS 4.6.2 and earlier. | 7.5 |
| 2018-03-13 | CVE-2018-1000090 | XXE vulnerability in Textpattern 4.6.2 textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. | 7.8 |