Textpattern

Textpattern

31 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-30452

  • EPSS 0.25%
  • Veröffentlicht 21.04.2026 00:00:00
  • Zuletzt bearbeitet 13.05.2026 15:18:25

Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID paramet...

6.3

CVE-2026-5344

Exploit
  • EPSS 0.33%
  • Veröffentlicht 02.04.2026 14:45:09
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt_uploadImage of the file rpc/TXP_RPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads ...

6.1

CVE-2026-32986

Exploit
  • EPSS 0.16%
  • Veröffentlicht 20.03.2026 15:42:04
  • Zuletzt bearbeitet 16.04.2026 14:44:02

Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unesc...

5.4

CVE-2023-53911

Exploit
  • EPSS 0.26%
  • Veröffentlicht 17.12.2025 22:44:47
  • Zuletzt bearbeitet 27.12.2025 17:15:43

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when th...

8.8

CVE-2023-50038

Exploit
  • EPSS 0.81%
  • Veröffentlicht 28.12.2023 07:15:08
  • Zuletzt bearbeitet 21.11.2024 08:36:29

There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions.

7.2

CVE-2023-36220

Exploit
  • EPSS 2.88%
  • Veröffentlicht 07.08.2023 14:15:11
  • Zuletzt bearbeitet 21.11.2024 08:09:25

Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.

8.8

CVE-2023-24269

Exploit
  • EPSS 1.11%
  • Veröffentlicht 28.04.2023 22:15:08
  • Zuletzt bearbeitet 30.01.2025 21:15:09

An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file.

7.2

CVE-2023-26852

Exploit
  • EPSS 1.99%
  • Veröffentlicht 12.04.2023 17:15:07
  • Zuletzt bearbeitet 10.02.2025 16:15:33

An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.

4.3

CVE-2021-40642

  • EPSS 0.43%
  • Veröffentlicht 29.06.2022 11:15:16
  • Zuletzt bearbeitet 21.11.2024 06:24:29

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure ...

4.8

CVE-2021-40658

Exploit
  • EPSS 0.54%
  • Veröffentlicht 14.06.2022 11:15:10
  • Zuletzt bearbeitet 21.11.2024 06:24:31

Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”.