Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluck-cms vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2022-27432
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows malicious users to change the password of any given user by exploiting this feature leading to account takeover.
Pluck-cms Pluck 4.7.15
5.8
CVSSv2
CVE-2019-9052
An issue exists in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI.
Pluck-cms Pluck 4.7.9
7.5
CVSSv2
CVE-2021-27984
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files.
Pluck-cms Pluck 4.7.15
6.8
CVSSv2
CVE-2012-1227
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote malicious users to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an ...
Pluck-cms Pluck 4.7
4.3
CVSSv2
CVE-2022-26589
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows malicious users to delete arbitrary pages.
Pluck-cms Pluck 4.7.15
5.8
CVSSv2
CVE-2019-9048
An issue exists in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI.
Pluck-cms Pluck 4.7.9
5.8
CVSSv2
CVE-2019-9049
An issue exists in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI.
Pluck-cms Pluck 4.7.9
6.5
CVSSv2
CVE-2019-9050
An issue exists in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed.
Pluck-cms Pluck 4.7.9
5.8
CVSSv2
CVE-2019-9051
An issue exists in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI.
Pluck-cms Pluck 4.7.9
6.8
CVSSv2
CVE-2020-18195
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote malicious users to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."
Pluck-cms Pluck 4.7.9
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »