Pluck Security Vulnerabilities and Issues — Pluck CVE List

Lucene search

Pluck-cmsPluck

7 matches found

CVE•added 2022/03/30 12:15 a.m.•101 views

CVE-2022-27432

A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover.

8.8CVSS8.8AI score0.00129EPSS

CVE•added 2021/05/17 10:15 p.m.•63 views

CVE-2020-18198

Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images."

8.8CVSS9.1AI score0.00346EPSS

CVE•added 2021/05/17 10:15 p.m.•61 views

CVE-2020-18195

Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."

8.8CVSS9.1AI score0.00346EPSS

CVE•added 2023/12/14 3:15 p.m.•59 views

CVE-2023-50564

An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.

8.8CVSS8.8AI score0.1912EPSS

CVE•added 2018/12/04 4:29 p.m.•35 views

CVE-2018-16634

Pluck v4.7.7 allows CSRF via admin.php?action=settings.

8.8CVSS8.7AI score0.00141EPSS

CVE•added 2020/09/30 6:15 p.m.•34 views

CVE-2020-21564

An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files.

8.8CVSS8.8AI score0.0382EPSS

CVE•added 2021/12/10 7:15 p.m.•27 views

CVE-2021-27984

In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files.

8.1CVSS8.1AI score0.04249EPSS