
154 matches found

NVD
added 2026/05/16 4:16 p.m. | 6 views

CVE-2021-47976

TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to...

CVSS 8.8 | EPSS 0.00108
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/16 3:26 p.m. | 6 views

CVE-2021-47976

TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to...

CVSS 8.8 | AI score 6.5 | EPSS 0.00108
Exploits: 0 | References: 4

CNNVD
added 2026/05/16 12:0 a.m. | 4 views

Textpattern CMS Cross-Site Request Forgery Vulnerability

TextPattern CMS is a content management system based on PHP developed by the TextPattern team. Version 4.9.0-dev of TextPattern CMS has a cross-site request forgery vulnerability. This vulnerability stems from a remote code execution flaw, allowing authenticated attackers to use the plugin uploa...

CVSS 8.8 | AI score 6.5 | EPSS 0.00108
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/16 12:0 a.m. | 8 views

PT-2026-41462

Name of the Vulnerable Software and Affected Versions: TextPattern CMS version 4.9.0-dev
Description: Authenticated attackers can achieve remote code execution by exploiting the plugin upload functionality. The process involves authenticating, retrieving a CSRF token from the plugin event page, and...

CVSS 8.8 | AI score 6.5 | EPSS 0.00108
Exploits: 0 | References: 6

RedhatCVE
added 2026/05/11 8:25 p.m. | 1 view

CVE-2021-47943

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute...

CVSS 8.8 | AI score 6.6 | EPSS 0.00266
Exploits: 0 | References: 1

EUVD
added 2026/05/10 3:31 p.m. | 3 views

EUVD-2021-34803

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute...

CVSS 8.8 | AI score 6.6 | EPSS 0.00266
Exploits: 0 | References: 4

NVD
added 2026/05/10 1:16 p.m. | 3 views

CVE-2021-47943

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute...

CVSS 8.8 | EPSS 0.00266
Exploits: 0 | References: 3

Cvelist
added 2026/05/10 12:43 p.m. | 24 views

CVE-2021-47943 TextPattern CMS 4.8.7 Remote Code Execution via File Upload

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute...

CVSS 8.8 | EPSS 0.00266
Exploits: 0 | References: 3

CVE
added 2026/05/10 12:43 p.m. | 2 views

CVE-2021-47943

TextPattern CMS 4.8.7 is affected by a remote code execution (RCE) vulnerability exploitable via file upload. The flaw allows authenticated attackers to upload PHP files (a PHP shell) through the Files section in the content area and trigger code execution by accessing the uploaded file at /textp...

CVSS 8.8 | AI score 6.6 | EPSS 0.00266
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/10 12:43 p.m. | 1 view

CVE-2021-47943 TextPattern CMS 4.8.7 Remote Code Execution via File Upload

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute...

CVSS 8.8 | AI score 6.6 | EPSS 0.00266
Exploits: 0 | References: 3

CNNVD
added 2026/05/10 12:0 a.m. | 2 views

Textpattern CMS Code Issue Vulnerability

TextPattern CMS is a content management system based on PHP developed by the TextPattern team. Version 4.8.7 of TextPattern CMS has a code vulnerability that stems from a remote code execution flaw in the file upload function. This vulnerability could allow authenticated attackers to execute...

CVSS 8.8 | AI score 6.6 | EPSS 0.00266
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/22 7:22 p.m. | 0 views

CVE-2026-30452

Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in...

CVSS 6.5 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/21 12:0 a.m. | 1 view

CVE-2026-30452

Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in...

AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 2

CVE
added 2026/04/21 12:0 a.m. | 4 views

CVE-2026-30452

CVE-2026-30452 affects Textpattern CMS 4.9.0. A Broken Access Control flaw in the article management workflow lets authenticated users with low privileges modify articles owned by higher-privilege users. By altering the article ID parameter during the duplicate-and-save process in textpattern/inc...

CVSS 6.5 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2026/03/26 3:10 p.m. | 2 views

CVE-2026-32986

Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category th...

CVSS 6.1 | AI score 5.7 | EPSS 0.00047
Exploits: 1 | References: 1

EUVD
added 2026/03/20 6:31 p.m. | 0 views

EUVD-2026-13724

A Second-Order Cross-Site Scripting (XSS) vulnerability exists in Textpattern CMS version 4.9.0 due to improper sanitization and contextual encoding of user-supplied input embedded within Atom feed XML elements. User-controlled parameters (e.g., category) are reflected into Atom fields such as and...

CVSS 6.1 | AI score 6.1 | EPSS 0.00047
Exploits: 1 | References: 3

Cvelist
added 2026/03/20 3:42 p.m. | 21 views

CVE-2026-32986 Textpattern CMS 4.9.0: Second-Order XSS via Atom Feed Injection

Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category th...

CVSS 6.1 | EPSS 0.00047
Exploits: 1 | References: 2

Positive Technologies
added 2026/03/20 12:0 a.m. | 2 views

PT-2026-26626

Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category th...

CVSS 6.1 | AI score 5.7 | EPSS 0.00047
Exploits: 1 | References: 6

Packet Storm
added 2026/02/26 12:0 a.m. | 92 views

Textpattern 4.9.0 Cross Site Scripting

Textpattern version 4.9.0 suffers from a cross site scripting vulnerability. Title: Textpattern 4.9.0 Second-Order XSS via Atom Feed Injection | Autho...

AI score 5
Exploits: 0

RedhatCVE
added 2026/01/09 11:25 a.m. | 3 views

CVE-2021-28002

A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page...

CVSS 5.4 | AI score 7.1 | EPSS 0.00228
Exploits: 1 | References: 1