Known Vulnerabilities for products from Textpattern

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Textpattern".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-32986 | Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject mali... | Not Provided | 2026-03-20 | 2026-04-16 |
| CVE-2026-30452 | | Not Provided | 2026-04-21 | 2026-04-22 |
| CVE-2026-5344 | | Not Provided | 2026-04-02 | 2026-04-02 |
| CVE-2023-50038 | | 8.8 - HIGH | 2023-12-28 | 2024-01-04 |
| CVE-2023-36220 | Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code ... | 7.2 - HIGH | 2023-08-07 | 2023-08-09 |
| CVE-2023-26852 | An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbit... | 7.2 - HIGH | 2023-04-12 | 2023-04-21 |
| CVE-2023-24269 | An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitr... | 8.8 - HIGH | 2023-04-28 | 2023-05-08 |
| CVE-2021-44082 | textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated a... | 8.3 - HIGH | 2022-03-29 | 2022-04-06 |
| CVE-2021-40658 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.8 - MEDIUM | 2022-06-14 | 2023-08-08 |
| CVE-2021-40642 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.3 - MEDIUM | 2022-06-29 | 2023-08-08 |
| CVE-2021-30209 | Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without an... | 6.5 - MEDIUM | 2021-04-15 | 2021-04-23 |
| CVE-2021-28002 | A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows... | 5.4 - MEDIUM | 2021-08-19 | 2021-08-23 |
| CVE-2021-28001 | A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote at... | 5.4 - MEDIUM | 2021-08-19 | 2021-08-23 |
| CVE-2020-35854 | Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. | 4.8 - MEDIUM | 2021-01-26 | 2021-02-01 |
| CVE-2020-29458 | Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. | 8.8 - HIGH | 2020-12-02 | 2020-12-02 |
| CVE-2020-23239 | Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature. | 4.8 - MEDIUM | 2021-07-26 | 2021-07-30 |
| CVE-2020-19510 | Textpattern 4.7.3 contains an arbitrary file load via the file_insert function in include/txp_file.php. | 9.8 - CRITICAL | 2021-06-21 | 2021-06-24 |
| CVE-2018-1000090 | textpattern version 4.6.2 contains an XML Injection vulnerability in Import XML feature that can result in Denial of s... | 7.5 - HIGH | 2018-03-13 | 2018-04-13 |
| CVE-2018-7474 | An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the ... | 9.8 - CRITICAL | 2018-03-14 | 2018-04-11 |
| CVE-2015-8033 | In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. | 5.3 - MEDIUM | 2020-08-14 | 2020-08-20 |

Known software with vulnerabilities from Textpattern

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Textpattern | Textpattern | 1.0 |