CVE-2026-16205
In Pluck CMS up to version 4.7.21, the vulnerability affects the Albums Module (data/modules/albums/albums.admin.php) via the function htmlspecialchars_decode. Manipulating the Info argument can trigger cross-site scripting, with remote exploitation possible. Public exploit exists. The project wa...