Vulnerabilities > Pluck CMS
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-13 | CVE-2022-26589 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.15 A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages. | 6.5 |
2022-03-30 | CVE-2022-27432 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.15 A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover. | 8.8 |
2022-03-18 | CVE-2022-26965 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.16 In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. | 7.2 |
2021-12-10 | CVE-2021-27984 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.15 In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files. | 8.1 |
2021-12-10 | CVE-2021-31747 | Improper Certificate Validation vulnerability in Pluck-Cms Pluck 4.7.15 Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks. | 4.8 |
2021-12-10 | CVE-2021-31745 | Session Fixation vulnerability in Pluck-Cms Pluck 4.7.15 Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. | 7.5 |
2021-12-10 | CVE-2021-31746 | Path Traversal vulnerability in Pluck-Cms Pluck 4.7.15 Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution. | 9.8 |
2021-05-18 | CVE-2020-20951 | Command Injection vulnerability in Pluck-Cms Pluck 4.7.10 In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files. | 9.8 |
2021-05-18 | CVE-2020-24740 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.10 An issue was discovered in Pluck 4.7.10-dev2. | 4.3 |
2021-05-17 | CVE-2020-18195 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9 Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page." | 8.8 |