Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluck-cms pluck 4.7.16 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-25828
Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which...
Pluck-cms Pluck 4.7.16
Pluck-cms Pluck
1 Github repository
NA
CVE-2023-27082
Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 up to and including 4.7.16-dev4 allows remote malicious users to run arbitrary code via upload of crafted html file.
Pluck-cms Pluck 4.7.16
Pluck-cms Pluck
NA
CVE-2023-27083
An issue discovered in /admin.php in Pluck CMS 4.7.15 up to and including 4.7.16-dev5 allows remote malicious users to run arbitrary code via manage file functionality.
Pluck-cms Pluck 4.7.16
Pluck-cms Pluck
6.5
CVSSv2
CVE-2022-26965
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.
Pluck-cms Pluck 4.7.16
3 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started