Vulnerabilities > Pluck CMS

DATE CVE VULNERABILITY TITLE RISK
2022-04-13 CVE-2022-26589 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.15
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.
network
low complexity
pluck-cms CWE-352
6.5
2022-03-30 CVE-2022-27432 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.15
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover.
network
low complexity
pluck-cms CWE-352
8.8
2022-03-18 CVE-2022-26965 Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.16
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.
network
low complexity
pluck-cms CWE-434
7.2
2021-12-10 CVE-2021-27984 Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.15
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files.
network
high complexity
pluck-cms CWE-434
8.1
2021-12-10 CVE-2021-31747 Improper Certificate Validation vulnerability in Pluck-Cms Pluck 4.7.15
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.
network
high complexity
pluck-cms CWE-295
4.8
2021-12-10 CVE-2021-31745 Session Fixation vulnerability in Pluck-Cms Pluck 4.7.15
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform.
network
low complexity
pluck-cms CWE-384
7.5
2021-12-10 CVE-2021-31746 Path Traversal vulnerability in Pluck-Cms Pluck 4.7.15
Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution.
network
low complexity
pluck-cms CWE-22
critical
9.8
2021-05-18 CVE-2020-20951 Command Injection vulnerability in Pluck-Cms Pluck 4.7.10
In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files.
network
low complexity
pluck-cms CWE-77
critical
9.8
2021-05-18 CVE-2020-24740 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.10
An issue was discovered in Pluck 4.7.10-dev2.
network
low complexity
pluck-cms CWE-352
4.3
2021-05-17 CVE-2020-18195 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."
network
low complexity
pluck-cms CWE-352
8.8