Latest textpattern textpattern Vulnerabilities

CVE-2023-50038
There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions.
Textpattern Textpattern=4.8.8
CVE-2023-36220
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.
Textpattern Textpattern=4.8.8
CVE-2023-24269
An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file.
Textpattern Textpattern=4.8.8
CVE-2023-26852
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
Textpattern Textpattern<=4.8.8
CVE-2021-40642
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login...
Textpattern Textpattern<=4.8.7
CVE-2021-40658
Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”.
Textpattern Textpattern=4.8.7
CVE-2021-44082
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshel...
Textpattern Textpattern=4.8.7
CVE-2021-28001
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the UR...
Textpattern Textpattern=4.8.4
CVE-2021-28002
Textpattern Textpattern=4.9.0
CVE-2020-23239
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
Textpattern Textpattern=4.8.1
CVE-2020-19510
Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php.
Textpattern Textpattern=4.7.3
Microsoft Windows
CVE-2021-30209
Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions.
Textpattern Textpattern=4.8.4
CVE-2020-35854
Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.
Textpattern Textpattern=4.8.4
CVE-2020-29458
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
Textpattern Textpattern=4.6.2
CVE-2015-8033
In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account.
Textpattern Textpattern=4.5.7
CVE-2015-8032
In Textpattern 4.5.7, an unprivileged author can change an article's markup setting.
Textpattern Textpattern=4.5.7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203