Vulnerabilities > Pluck CMS > Pluck > 4.7.16
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-26 | CVE-2023-27082 | Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.15/4.7.16 Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file. | 4.8 |
| 2023-06-22 | CVE-2023-27083 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.15/4.7.16 An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality. | 7.2 |
| 2023-03-27 | CVE-2023-25828 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. | 7.2 |
| 2022-03-18 | CVE-2022-26965 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.16 In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. | 7.2 |