cbcvebase.

Textpattern Cms vulnerabilities

3 known vulnerabilities affecting textpattern/textpattern_cms.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2021-47976P2HIGHCVSS 8.8v4.9.0-dev2026-05-16
CVE-2021-47976 [HIGH] CWE-352 CVE-2021-47976: TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated a TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to the textpattern/tmp/ directory for code execution.
nvd
CVE-2021-47943P3HIGHCVSS 8.8v4.8.72026-05-10
CVE-2021-47943 [HIGH] CWE-434 CVE-2021-47943: TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attac TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute commands by accessing the uploaded file at /textpattern/fil
nvd
CVE-2026-32986P4MEDIUMCVSS 6.1v4.9.02026-03-20
CVE-2026-32986 [MEDIUM] CWE-79 CVE-2026-32986: Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category that are reflected into Atom fields like and , which exec
nvd
Textpattern Cms vulnerabilities | cvebase