Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pluck-cms pluck 4.7.7 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-11736
An issue exists in Pluck prior to 4.7.7-dev2. /data/inc/images.php allows remote malicious users to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file.
Pluck-cms Pluck
Pluck-cms Pluck 4.7.7
8.8
CVSSv3
CVE-2018-16634
Pluck v4.7.7 allows CSRF via admin.php?action=settings.
Pluck-cms Pluck 4.7.7
5.4
CVSSv3
CVE-2018-16633
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title.
Pluck-cms Pluck 4.7.7
5.4
CVSSv3
CVE-2018-16729
Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.
Pluck-cms Pluck 4.7.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started