Plentico Plenti vulnerabilities
2 known vulnerabilities affecting plentico/plenti.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2024-49380P1HIGHCVSS 7.5ExploitedPoCfixed in 0.7.22024-10-25
CVE-2024-49380 [HIGH] CWE-74 CVE-2024-49380: Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the vulnerability.
nvd
CVE-2024-49381P3HIGHCVSS 7.5fixed in 0.7.22024-10-25
CVE-2024-49381 [HIGH] CWE-74 CVE-2024-49381: Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0
Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability.
nvd