HIGH
Textpattern
CVE published 2026-05-16
CVE-2021-47976
CVE-2021-47976 describes an authenticated remote code execution issue in Textpattern CMS 4.9.0-dev tied to the plugin upload flow. The supplied record says an attacker with valid access can abuse the upload path to place arbitrary PHP files under textpattern/tmp/, resulting in code execution. The NVD source item lists the issue with high impact and a CWE-352 association, indicating CSRF-related weaknesses [truncated]