CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file...

7.2CVSS7.9AI score0.01994EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 5:9 a.m.•6 views

CVE-2023-50038

There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions...

8.8CVSS7AI score0.00811EPSS

Exploits1

RedhatCVE•added 2025/05/23 4:0 a.m.•9 views

CVE-2023-36220

Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function...

7.2CVSS7.4AI score0.02875EPSS

Exploits1

RedhatCVE•added 2025/05/23 3:21 a.m.•5 views

CVE-2023-24269

An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file...

8.8CVSS7.7AI score0.0111EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 7:33 p.m.•6 views

CVE-2021-28001

A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting...

5.4CVSS7AI score0.01019EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 6:52 p.m.•7 views

CVE-2021-44082

textpattern 4.8.7 is vulnerable to Cross Site Scripting XSS via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request...

8.3CVSS6.5AI score0.02845EPSS

Exploits1

RedhatCVE•added 2025/05/22 6:31 p.m.•8 views

CVE-2021-30209

Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions...

6.5CVSS7AI score0.00755EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 4:14 p.m.•7 views

CVE-2020-23239

Cross Site Scripting XSS vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature...

4.8CVSS5.9AI score0.0051EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:55 p.m.•5 views

CVE-2020-19510

Textpattern 4.7.3 contains an aribtrary file load via the fileinsert function in include/txpfile.php...

9.8CVSS6.9AI score0.0146EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:30 p.m.•6 views

CVE-2020-35854

Textpattern 4.8.4 is affected by cross-site scripting XSS in the Body parameter...

4.8CVSS5.9AI score0.0073EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:28 p.m.•6 views

CVE-2020-29458

Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem...

8.8CVSS7AI score0.0065EPSS

Exploits1

RedhatCVE•added 2025/05/22 12:42 a.m.•6 views

CVE-2011-3807

Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplibdb.php and certain other files...

5CVSS6.5AI score0.01229EPSS

Exploits0References1