Filtered by vendor Textpattern Subscriptions
Total 27 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-30209 1 Textpattern 1 Textpattern 2024-08-03 6.5 Medium
Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions.
CVE-2021-28001 1 Textpattern 1 Textpattern 2024-08-03 5.4 Medium
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head.
CVE-2021-28002 1 Textpattern 1 Textpattern 2024-08-03 5.4 Medium
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page.
CVE-2023-50038 1 Textpattern 1 Textpattern 2024-08-02 8.8 High
There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions.
CVE-2023-36220 1 Textpattern 1 Textpattern 2024-08-02 7.2 High
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.
CVE-2023-26852 1 Textpattern 1 Textpattern 2024-08-02 7.2 High
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
CVE-2023-24269 1 Textpattern 1 Textpattern 2024-08-02 8.8 High
An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file.