Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluck vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2022-27432
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows malicious users to change the password of any given user by exploiting this feature leading to account takeover.
Pluck-cms Pluck 4.7.15
516
VMScore
CVE-2019-9048
An issue exists in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI.
Pluck-cms Pluck 4.7.9
516
VMScore
CVE-2019-9049
An issue exists in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI.
Pluck-cms Pluck 4.7.9
578
VMScore
CVE-2019-9050
An issue exists in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed.
Pluck-cms Pluck 4.7.9
516
VMScore
CVE-2019-9051
An issue exists in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI.
Pluck-cms Pluck 4.7.9
516
VMScore
CVE-2019-9052
An issue exists in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI.
Pluck-cms Pluck 4.7.9
NA
CVE-2023-50564
An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows malicious users to execute arbitrary code via uploading a crafted ZIP file.
Pluck-cms Pluck 4.7.18
383
VMScore
CVE-2020-24740
An issue exists in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage
Pluck-cms Pluck 4.7.10
580
VMScore
CVE-2022-26965
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.
Pluck-cms Pluck 4.7.16
3 Github repositories
383
VMScore
CVE-2022-26589
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows malicious users to delete arbitrary pages.
Pluck-cms Pluck 4.7.15
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »