Pluck Security Vulnerabilities and Issues — Pluck CVE List

Lucene search

Pluck-cmsPluck

6 matches found

CVE•added 2023/09/16 11:15 p.m.•37 views

CVE-2023-5013

A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. This vulnerability affects unknown code of the file install.php of the component Installation Handler. The manipulation of the argument contents with the input <script>alert('xss')</script> leads to cross ...

5.4CVSS4.3AI score0.0007EPSS

CVE•added 2017/03/17 2:59 p.m.•32 views

CVE-2014-8706

Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an...

5.3CVSS5.1AI score0.00244EPSS

CVE•added 2021/12/10 7:15 p.m.•30 views

CVE-2021-31747

Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.

5.8CVSS5AI score0.00102EPSS

CVE•added 2018/09/12 4:29 p.m.•29 views

CVE-2018-16729

Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.

5.4CVSS5.2AI score0.00236EPSS

CVE•added 2018/12/04 4:29 p.m.•26 views

CVE-2018-16633

Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title.

5.4CVSS5.2AI score0.00206EPSS

CVE•added 2017/03/17 2:59 p.m.•25 views

CVE-2014-8707

Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option.

5.4CVSS5AI score0.0016EPSS