CVE-2023-26852

HIGH

Textpattern <4.8.8 - RCE

Title source: llm

Description

An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.

Exploits (1)

nomisec WRITEUP

by leekenghwa · poc

https://github.com/leekenghwa/CVE-2023-26852-Textpattern-v4.8.8-and-

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://drive.google.com/drive/folders/1x55FGWZydBRxFyTVIAL1ynnk1X7gfIq9?usp=sharing

[Exploit, Third Party Advisory] https://github.com/leekenghwa/CVE-2023-26852-Textpattern-v4.8.8-and-

[Product] https://github.com/textpattern/textpattern

Scores

CVSS v3 7.2

EPSS 0.1717

EPSS Percentile 95.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

textpattern/textpattern < 4.8.8

Published Apr 12, 2023

Tracked Since Feb 18, 2026