Textpattern: >> Textpattern >> 4.8.8 Security Vulnerabilities
Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-17
There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-12-28
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.
CVSS Score
7.2
EPSS Score
0.027
Published
2023-08-07
An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-04-28
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.057
Published
2023-04-12