pluck-cms pluck vulnerabilities and exploits
6.5
CVSSv3
CVE-2019-9051
An issue exists in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI.
Pluck-cms Pluck 4.7.9
6.5
CVSSv3
CVE-2019-9052
An issue exists in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI.
Pluck-cms Pluck 4.7.9
7.5
CVSSv3
CVE-2021-31745
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows a malicious user to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs re...
Pluck-cms Pluck 4.7.15
4.8
CVSSv3
CVE-2021-31747
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.
Pluck-cms Pluck 4.7.15
9.8
CVSSv3
CVE-2019-11344
data/inc/files.php in Pluck 4.7.8 allows remote malicious users to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked.
Pluck-cms Pluck 4.7.8
7.2
CVSSv3
CVE-2022-26965
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.
Pluck-cms Pluck 4.7.16
3 Github repositories
NA
CVE-2012-1227
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote malicious users to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an ...
Pluck-cms Pluck 4.7
5.4
CVSSv3
CVE-2023-5013
A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. This vulnerability affects unknown code of the file install.php of the component Installation Handler. The manipulation of the argument contents with the input <script>alert('xss')&l...
Pluck-cms Pluck 4.7.18
9.8
CVSSv3
CVE-2021-31746
Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows a malicious user to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution.
Pluck-cms Pluck 4.7.15
8.8
CVSSv3
CVE-2020-18195
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote malicious users to execute arbitrary code and delete a specific article via the component "/admin.php?action=page."
Pluck-cms Pluck 4.7.9