13 matches found
CVE-2022-26965
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution...
CVE-2019-11344
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked...
CVE-2020-24740
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that allows a page to be edited via /admin.php?action=editpage...
EUVD-2018-3368
Malware in sbrugna...
EUVD-2020-13730
Malware in sbrugna...
EUVD-2018-8438
Malware in sbrugna...
EUVD-2018-3367
Malware in sbrugna...
EUVD-2018-18939
Malware in sbrugna...
EUVD-2018-3755
Malware in sbrugna...
CVE-2020-20951
In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files...
CVE-2018-11736
An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file...
CVE-2018-11330
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted...
PT-2021-10562 · Pluck · Pluck
Name of the Vulnerable Software and Affected Versions: Pluck version 4.7.10-dev2
Description: A remote command execution issue exists in the admin background when uploading files.
Recommendations: For Pluck version 4.7.10-dev2, as a temporary workaround, consider restricting file uploads in the...