In the admin backend of Pluck-4.7.10-dev2, a remote command execution vulnerability exists when uploading files.
pluck-cms pluck 4.7.10