Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

pluck-cms pluck 4.7.15 vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3
CVE-2021-31746
Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an malicious user to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution.
Pluck-cms Pluck 4.7.15
4.8
CVSSv3
CVE-2021-31747
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.
Pluck-cms Pluck 4.7.15
8.1
CVSSv3
CVE-2021-27984
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files.
Pluck-cms Pluck 4.7.15
7.5
CVSSv3
CVE-2021-31745
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an malicious user to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs re...
Pluck-cms Pluck 4.7.15
8.8
CVSSv3
CVE-2022-27432
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows malicious users to change the password of any given user by exploiting this feature leading to account takeover.
Pluck-cms Pluck 4.7.15
6.5
CVSSv3
CVE-2022-26589
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows malicious users to delete arbitrary pages.
Pluck-cms Pluck 4.7.15
7.2
CVSSv3
CVE-2023-27083
An issue discovered in /admin.php in Pluck CMS 4.7.15 up to and including 4.7.16-dev5 allows remote malicious users to run arbitrary code via manage file functionality.
Pluck-cms Pluck 4.7.16Pluck-cms Pluck
4.8
CVSSv3
CVE-2023-27082
Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 up to and including 4.7.16-dev4 allows remote malicious users to run arbitrary code via upload of crafted html file.
Pluck-cms Pluck 4.7.16Pluck-cms Pluck
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook