Pluck-Cms Pluck vulnerabilities
43 known vulnerabilities affecting pluck-cms/pluck.
Total CVEs: 43
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 17, MEDIUM 19
Vulnerabilities
Page 3 of 3
CVE-2023-27082 | P4 | MEDIUM | CVSS 4.8 | ≥ 4.7.15, < 4.7.16 | v4.7.16 | 2023-06-26 | CWE-79
A cross-site scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of a crafted HTML file.
nvd
CVE-2014-8706 | P4 | MEDIUM | CVSS 5.3 | v4.7.2 | 2017-03-17 | CWE-200
Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message.
nvd
CVE-2020-24740 | P4 | MEDIUM | CVSS 4.3 | v4.7.10 | 2021-05-18 | CWE-352
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can edit a page via /admin.php?action=editpage.
nvd