Vulnerabilities > Pluck CMS > Pluck
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-30 | CVE-2020-21564 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.10/4.7.11 An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. | 6.5 |
| 2019-04-19 | CVE-2019-11344 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.8 data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked. | 7.5 |
| 2019-02-23 | CVE-2019-9052 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9 An issue was discovered in Pluck 4.7.9-dev1. | 5.8 |
| 2019-02-23 | CVE-2019-9051 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9 An issue was discovered in Pluck 4.7.9-dev1. | 5.8 |
| 2019-02-23 | CVE-2019-9050 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.9 An issue was discovered in Pluck 4.7.9-dev1. | 6.5 |
| 2019-02-23 | CVE-2019-9049 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9 An issue was discovered in Pluck 4.7.9-dev1. | 5.8 |
| 2019-02-23 | CVE-2019-9048 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9 An issue was discovered in Pluck 4.7.9-dev1. | 5.8 |
| 2018-12-04 | CVE-2018-16634 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.7 Pluck v4.7.7 allows CSRF via admin.php?action=settings. | 6.8 |
| 2018-12-04 | CVE-2018-16633 | Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.7 Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title. | 3.5 |
| 2018-09-12 | CVE-2018-16729 | Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.7 Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. | 3.5 |