Pluck@4.7.16 Security Vulnerabilities and Issues — Pluck@4.7.16 CVE List

Lucene search

Pluck-cmsPluck4.7.16

4 matches found

CVE•added 2022/03/18 7:15 a.m.•94 views

CVE-2022-26965

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.

7.2CVSS7.3AI score0.22714EPSS

CVE•added 2023/03/27 5:15 p.m.•57 views

CVE-2023-25828

Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process...

7.2CVSS7.4AI score0.00435EPSS

CVE•added 2023/06/26 8:15 p.m.•49 views

CVE-2023-27082

Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file.

4.8CVSS5.1AI score0.00037EPSS

CVE•added 2023/06/22 8:15 p.m.•30 views

CVE-2023-27083

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality.

7.2CVSS7.2AI score0.00279EPSS