CVE ID :CVE-2021-47976 Published : May 16, 2026, 3:26 p.m. | 32 minutes ago Description :TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to the textpattern/tmp/ directory for code execution. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...