In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files.
pluck-cms pluck 4.7.15