High severity8.8NVD Advisory· Published May 16, 2026· Updated May 18, 2026
CVE-2021-47976
CVE-2021-47976
Description
TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to the textpattern/tmp/ directory for code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 4.9.0-dev
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.