Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluck-cms vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-27432
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows malicious users to change the password of any given user by exploiting this feature leading to account takeover.
Pluck-cms Pluck 4.7.15
7.2
CVSSv3
CVE-2022-26965
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.
Pluck-cms Pluck 4.7.16
3 Github repositories
4.8
CVSSv3
CVE-2021-31747
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.
Pluck-cms Pluck 4.7.15
8.1
CVSSv3
CVE-2021-27984
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files.
Pluck-cms Pluck 4.7.15
7.5
CVSSv3
CVE-2021-31745
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an malicious user to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs re...
Pluck-cms Pluck 4.7.15
9.8
CVSSv3
CVE-2021-31746
Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an malicious user to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution.
Pluck-cms Pluck 4.7.15
9.8
CVSSv3
CVE-2020-20951
In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files.
Pluck-cms Pluck 4.7.10
4.3
CVSSv3
CVE-2020-24740
An issue exists in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage
Pluck-cms Pluck 4.7.10
8.8
CVSSv3
CVE-2020-18195
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote malicious users to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."
Pluck-cms Pluck 4.7.9
8.8
CVSSv3
CVE-2020-18198
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote malicious users to execute arbitrary code and delete specific images via the component " /admin.php?action=images."
Pluck-cms Pluck 4.7.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »