Vulnerabilities > Pluck CMS

DATE CVE VULNERABILITY TITLE RISK
2024-08-16 CVE-2024-43042 Improper Restriction of Excessive Authentication Attempts vulnerability in Pluck-Cms Pluck 4.7.18
Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack.
network
low complexity
pluck-cms CWE-307
critical
9.8
2023-12-14 CVE-2023-50564 Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.18
An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.
network
low complexity
pluck-cms CWE-434
8.8
2023-09-16 CVE-2023-5013 Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.18
A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic.
network
low complexity
pluck-cms CWE-79
5.4
2023-06-26 CVE-2023-27082 Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.15/4.7.16
Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file.
network
low complexity
pluck-cms CWE-79
4.8
2023-06-22 CVE-2023-27083 Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.15/4.7.16
An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality.
network
low complexity
pluck-cms CWE-434
7.2
2023-06-20 CVE-2020-20718 Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluckcms 4.7.10
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter.
network
low complexity
pluck-cms CWE-434
critical
9.8
2023-06-20 CVE-2020-20918 Code Injection vulnerability in Pluck-Cms Pluck 4.7.10
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page.
network
low complexity
pluck-cms CWE-94
7.2
2023-06-20 CVE-2020-20919 Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.10
File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file.
network
low complexity
pluck-cms CWE-434
7.2
2023-06-20 CVE-2020-20969 Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.10
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.
network
low complexity
pluck-cms CWE-434
7.2
2023-03-27 CVE-2023-25828 Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck
Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module.
network
low complexity
pluck-cms CWE-434
7.2