Pluck Security Vulnerabilities and Issues — Pluck CVE List

Lucene search

Pluck-cmsPluck

3 matches found

CVE•added 2023/06/26 8:15 p.m.•49 views

CVE-2023-27082

Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file.

4.8CVSS5.1AI score0.00037EPSS

CVE•added 2018/05/21 9:29 p.m.•32 views

CVE-2018-11330

An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.

4.8CVSS4.7AI score0.00265EPSS

CVE•added 2021/05/18 4:15 p.m.•25 views

CVE-2020-24740

An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage

4.3CVSS4.6AI score0.00117EPSS