A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows malicious users to delete arbitrary pages.
pluck-cms pluck 4.7.15