Pluck-cms Pluck

10 matches found

added 2022/04/13 12:15 a.m. (68 views)

CVE-2022-26589

A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.

CVSS 6.5, AI score 6.5, EPSS 0.00153

added 2009/07/02 10:30 a.m. (44 views)

CVE-2008-6842

Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter.

CVSS 6.8, AI score 7.3, EPSS 0.01488

added 2009/05/22 6:30 p.m. (42 views)

CVE-2009-1765

Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and...

CVSS 6.8, AI score 7.2, EPSS 0.07663

added 2018/02/18 3:29 a.m. (35 views)

CVE-2018-7197

An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL.

CVSS 6.1, AI score 5.8, EPSS 0.00384

added 2019/02/23 7:29 p.m. (34 views)

CVE-2019-9051

An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI.

CVSS 6.5, AI score 6.4, EPSS 0.00117

added 2019/02/23 7:29 p.m. (33 views)

CVE-2019-9052

An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI.

CVSS 6.5, AI score 6.4, EPSS 0.00117

added 2009/02/24 6:30 p.m. (31 views)

CVE-2008-6253

Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter.

CVSS 6.8, AI score 7.4, EPSS 0.05649

added 2019/02/23 7:29 p.m. (31 views)

CVE-2019-9048

An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI.

CVSS 6.5, AI score 6.4, EPSS 0.00117

added 2019/02/23 7:29 p.m. (31 views)

CVE-2019-9049

An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI.

CVSS 6.5, AI score 6.4, EPSS 0.00117

added 2012/02/21 1:31 p.m. (29 views)

CVE-2012-1227

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) a...

CVSS 6.8, AI score 7.4, EPSS 0.00132