Pluck@* Security Vulnerabilities and Issues — Pluck@* CVE List

Lucene search

Pluck-cmsPluck*

4 matches found

CVE•added 2018/06/05 6:29 a.m.•35 views

CVE-2018-11736

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.

9.8CVSS9.7AI score0.00864EPSS

CVE•added 2018/02/18 3:29 a.m.•35 views

CVE-2018-7197

An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL.

6.1CVSS5.8AI score0.00384EPSS

CVE•added 2018/05/21 9:29 p.m.•32 views

CVE-2018-11330

An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.

4.8CVSS4.7AI score0.00265EPSS

CVE•added 2018/05/21 9:29 p.m.•32 views

CVE-2018-11331

An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.

9.8CVSS9.8AI score0.0078EPSS