Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluck-cms pluck 4.7.7 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-11736
An issue exists in Pluck prior to 4.7.7-dev2. /data/inc/images.php allows remote malicious users to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.
Pluck-cms Pluck
Pluck-cms Pluck 4.7.7
3.5
CVSSv2
CVE-2018-16633
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title.
Pluck-cms Pluck 4.7.7
3.5
CVSSv2
CVE-2018-16729
Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.
Pluck-cms Pluck 4.7.7
6.8
CVSSv2
CVE-2018-16634
Pluck v4.7.7 allows CSRF via admin.php?action=settings.
Pluck-cms Pluck 4.7.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started