496 matches found
CVE-2026-31205
Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...
EUVD-2026-26959
Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...
CVE-2026-31205
CVE-2026-31205 describes a stored cross‑site scripting vulnerability in Pluck CMS prior to 4.7.21dev. The issue allows a remote attacker to escalate privileges via the editpage.php flow and the sanitizePageContent function. The description does not specify affected versions beyond the 4.7.21dev l...
Pluck CMS 跨站脚本漏洞
Pluck CMS is an open-source content management system developed by Plunk CMS. Versions of Pluck CMS prior to 4.7.21dev contained a cross-site scripting vulnerability. This vulnerability stemmed from the editpage.php and sanitizePageContent functions, which allowed remote attackers to gain elevate...
CVE-2026-31205
Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...
CVE-2026-31205
Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...
CVE-2026-31205
Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...
PT-2026-36805
Name of the Vulnerable Software and Affected Versions Pluck CMS versions prior to 4.7.21dev Description A Cross Site Scripting issue allows a remote attacker to escalate privileges. This occurs through the 'editpage.php' endpoint and the sanitizePageContent function. Recommendations Update to...
CVE-2021-27984
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files...
Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck
CVE-2020-29607 — Pluck CMS Authenticated remote code executio...
📄 PluckCMS 4.7.10 Shell Upload
PluckCMS version 4.7.10 remote shell upload proof of concept exploit. ============================================================================================================================================= | Title : PluckCMS 4.7.10 Unrestricted File Upload RCE | | Author : indoushka | |...
CVE-2021-31747
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in updateapplet.php, which could lead to man-in-the-middle attacks...
CVE-2021-31745
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation...
CVE-2021-31746
Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution...
CVE-2022-26965
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution...
CVE-2019-11344
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked...
CVE-2020-24740
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage...
📄 Pluck 4.7.7-dev2 Remote Code Execution
Pluck version 4.7.7-dev2 suffers from a remote code execution vulnerability. Exploit Title: Pluck 4.7.7-dev2 - PHP Code Execution Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Version: 4.74-dev5...
Pluck 4.7.7-dev2 - PHP Code Execution
Exploit Title: Pluck 4.7.7-dev2 - PHP Code Execution Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Version: 4.74-dev5 Tested on: Ubuntu Windows CVE : CVE-2018-11736 PoC: 1) 1. Log in to the Pluck...
📄 PluckCMS 4.7.10 Arbitrary File Upload
PluckCMS version 4.7.10 suffers from an arbitrary file upload vulnerability. Exploit Title: PluckCMS 4.7.10 - Unrestricted File Upload Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck/ Software Link: https://github.com/pluck-cms/pluck/ Version: 4.7.1...