Vulnerabilities > Pluck CMS > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-16 | CVE-2024-43042 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pluck-Cms Pluck 4.7.18 Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack. | 9.8 |
| 2023-06-20 | CVE-2020-20718 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluckcms 4.7.10 File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter. | 9.8 |
| 2021-05-18 | CVE-2020-20951 | Command Injection vulnerability in Pluck-Cms Pluck 4.7.10 In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files. | 9.8 |