Vulnerabilities > Pluck CMS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-16 | CVE-2023-5013 | Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.18 A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. | 5.4 |
| 2023-06-26 | CVE-2023-27082 | Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.15/4.7.16 Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file. | 4.8 |
| 2022-04-13 | CVE-2022-26589 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.15 A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages. | 6.5 |
| 2022-03-30 | CVE-2022-27432 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.15 A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover. | 6.8 |
| 2022-03-18 | CVE-2022-26965 | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.16 In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. | 6.5 |
| 2021-12-10 | CVE-2021-31747 | Improper Certificate Validation vulnerability in Pluck-Cms Pluck 4.7.15 Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks. | 5.8 |
| 2021-12-10 | CVE-2021-31745 | Session Fixation vulnerability in Pluck-Cms Pluck 4.7.15 Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. | 5.0 |
| 2021-05-18 | CVE-2020-24740 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.10 An issue was discovered in Pluck 4.7.10-dev2. | 4.3 |
| 2021-05-17 | CVE-2020-18195 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9 Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page." | 6.8 |
| 2021-05-17 | CVE-2020-18198 | Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9 Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images." | 6.8 |