Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluck-cms vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2021-27984
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files.
Pluck-cms Pluck 4.7.15
9.8
CVSSv3
CVE-2020-20718
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote malicious user to execute arbitrary code via a crafted image file to the the save_file() parameter.
Pluck-cms Pluckcms 4.7.10
8.8
CVSSv3
CVE-2020-18195
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote malicious users to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."
Pluck-cms Pluck 4.7.9
8.8
CVSSv3
CVE-2020-18198
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote malicious users to execute arbitrary code and delete specific images via the component " /admin.php?action=images."
Pluck-cms Pluck 4.7.9
7.5
CVSSv3
CVE-2021-31745
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an malicious user to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs re...
Pluck-cms Pluck 4.7.15
4.3
CVSSv3
CVE-2020-24740
An issue exists in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage
Pluck-cms Pluck 4.7.10
7.2
CVSSv3
CVE-2020-20918
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote malicious user to execute arbitrary php code via the hidden parameter to admin.php when editing a page.
Pluck-cms Pluck 4.7.10
7.2
CVSSv3
CVE-2020-20919
File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote malicious user to execute arbitrary code and access sensitive information via the theme.php file.
Pluck-cms Pluck 4.7.10
9.8
CVSSv3
CVE-2020-20951
In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files.
Pluck-cms Pluck 4.7.10
5.4
CVSSv3
CVE-2023-5013
A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. This vulnerability affects unknown code of the file install.php of the component Installation Handler. The manipulation of the argument contents with the input <script>alert('xss')&l...
Pluck-cms Pluck 4.7.18
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »