Vulnerabilities > Pluck CMS > Pluck
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-50564 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.18 An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file. | 8.8 |
| 2023-09-16 | CVE-2023-5013 | Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.18 A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. | 5.4 |
| 2023-06-26 | CVE-2023-27082 | Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.15/4.7.16 Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file. | 4.8 |
| 2023-06-22 | CVE-2023-27083 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.15/4.7.16 An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality. | 7.2 |
| 2023-06-20 | CVE-2020-20918 | Code Injection vulnerability in Pluck-Cms Pluck 4.7.10 An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page. | 7.2 |
| 2023-06-20 | CVE-2020-20919 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.10 File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file. | 7.2 |
| 2023-06-20 | CVE-2020-20969 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.10 File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file. | 7.2 |
| 2023-03-27 | CVE-2023-25828 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. | 7.2 |
| 2022-04-13 | CVE-2022-26589 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.15 A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages. | 6.5 |
| 2022-03-30 | CVE-2022-27432 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.15 A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover. | 6.8 |