RSS   Vulnerabilities for 'Pluck'   RSS

2022-04-13
 
CVE-2022-26589

CWE-352
 

 
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.

 
2022-03-30
 
CVE-2022-27432

CWE-352
 

 
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover.

 
2022-03-18
 
CVE-2022-26965

CWE-434
 

 
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.

 
2021-12-10
 
CVE-2021-27984

CWE-434
 

 
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files.

 
 
CVE-2021-31747

CWE-295
 

 
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.

 
 
CVE-2021-31745

CWE-384
 

 
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password.

 
 
CVE-2021-31746

CWE-22
 

 
Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution.

 
2021-05-18
 
CVE-2020-20951

CWE-77
 

 
In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files.

 
 
CVE-2020-24740

CWE-352
 

 
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage

 
2021-05-17
 
CVE-2020-18195

CWE-352
 

 
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."

 


Copyright 2024, cxsecurity.com

 

Back to Top