📦 Pluck
by Pluck Cms
⚠️ Known Vulnerabilities
Pluck CMS 4.7.18 lacks rate limiting on login attempts, allowing attackers to perform brute force attacks against admin credentials. This affects all Pluck CMS 4.7.18 installations with default config...
CVE-2021-31746 is a Zip Slip vulnerability in Pluck-CMS that allows attackers to upload malicious zip files containing directory traversal paths. When extracted, these files can overwrite system files...
This vulnerability allows remote attackers to execute arbitrary commands on Pluck CMS servers through file upload functionality in the admin panel. It affects Pluck CMS version 4.7.10-dev2 specificall...
This vulnerability allows attackers to upload arbitrary ZIP files containing malicious code to Pluck-CMS, leading to remote code execution. Attackers can take full control of affected systems by explo...
This vulnerability allows remote attackers to upload malicious files through the theme.php file in Pluck CMS, potentially leading to arbitrary code execution and sensitive information disclosure. It a...
Pluck CMS has an authenticated remote code execution vulnerability in its albums module. Attackers with administrator credentials can upload malicious JPEG files containing embedded PHP code, leading ...
This CSRF vulnerability in Pluck CMS v4.7.15 allows attackers to trick authenticated users into unknowingly changing their passwords via malicious requests. Attackers can take over any user account by...
This vulnerability allows authenticated admin users in Pluck CMS 4.7.16 to upload malicious theme files through the theme installation functionality, leading to remote code execution. Attackers with a...
CVE-2021-31745 is a session fixation vulnerability in Pluck-CMS that allows attackers to maintain unauthorized access even after password resets. This affects Pluck-CMS administrators because the syst...
This CSRF vulnerability in Pluck CMS v4.7.9 allows attackers to trick authenticated administrators into performing unauthorized actions, specifically deleting articles via the admin interface. Any Plu...