Pluck-cms Pluck 4.7.15

6 matches found

CVE
added 2022/03/30 12:15 a.m., 101 views

CVE-2022-27432

A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover.

CVSS 8.8, AI score 8.8, EPSS 0.00129

CVE
added 2022/04/13 12:15 a.m., 68 views

CVE-2022-26589

A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.

CVSS 6.5, AI score 6.5, EPSS 0.00153

CVE
added 2021/12/10 6:15 p.m., 37 views

CVE-2021-31745

Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempt...

CVSS 7.5, AI score 7.4, EPSS 0.00346

CVE
added 2021/12/10 6:15 p.m., 33 views

CVE-2021-31746

Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution.

CVSS 9.8, AI score 9.7, EPSS 0.01381

CVE
added 2021/12/10 7:15 p.m., 30 views

CVE-2021-31747

Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.

CVSS 5.8, AI score 5, EPSS 0.00102

CVE
added 2021/12/10 7:15 p.m., 27 views

CVE-2021-27984

In the Pluck-4.7.15 admin background, a remote command execution vulnerability exists when uploading files.

CVSS 8.1, AI score 8.1, EPSS 0.04249