Pluck Security Vulnerabilities and Issues — Pluck CVE List

Lucene search

Pluck-cmsPluck

4 matches found

CVE•added 2021/05/17 10:15 p.m.•64 views

CVE-2020-18198

Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images."

8.8CVSS9.1AI score0.00346EPSS

CVE•added 2021/05/17 10:15 p.m.•61 views

CVE-2020-18195

Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."

8.8CVSS9.1AI score0.00346EPSS

CVE•added 2021/05/18 4:15 p.m.•30 views

CVE-2020-20951

In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files.

9.8CVSS9.5AI score0.07171EPSS

CVE•added 2021/05/18 4:15 p.m.•25 views

CVE-2020-24740

An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage

4.3CVSS4.6AI score0.00117EPSS