Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluck vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-25828
Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which...
Pluck-cms Pluck 4.7.16
Pluck-cms Pluck
1 Github repository
NA
CVE-2023-27082
Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 up to and including 4.7.16-dev4 allows remote malicious users to run arbitrary code via upload of crafted html file.
Pluck-cms Pluck 4.7.16
Pluck-cms Pluck
NA
CVE-2023-27083
An issue discovered in /admin.php in Pluck CMS 4.7.15 up to and including 4.7.16-dev5 allows remote malicious users to run arbitrary code via manage file functionality.
Pluck-cms Pluck 4.7.16
Pluck-cms Pluck
7.5
CVSSv2
CVE-2018-11736
An issue exists in Pluck prior to 4.7.7-dev2. /data/inc/images.php allows remote malicious users to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.
Pluck-cms Pluck
Pluck-cms Pluck 4.7.7
6.5
CVSSv2
CVE-2020-21564
An issue exists in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files.
Pluck-cms Pluck 4.7.10
Pluck-cms Pluck 4.7.11
6.5
CVSSv2
CVE-2020-29607
A file upload restriction bypass vulnerability in Pluck CMS prior to 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
Pluck-cms Pluck
3 Github repositories
4.3
CVSSv2
CVE-2018-7197
An issue exists in Pluck up to and including 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL.
Pluck-cms Pluck
1 Github repository
2.6
CVSSv2
CVE-2008-3574
Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) t...
Pluck Pluck 4.5.2
1 EDB exploit
5
CVSSv2
CVE-2007-4180
Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote malicious users to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because th...
Pluck Pluck 4.3
6.8
CVSSv2
CVE-2007-4181
PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicabl...
Pluck Pluck 4.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »