CVE-2012-1227

Name of the Vulnerable Software and Affected Versions pluck version 4.7

Description The issue allows remote attackers to hijack the authentication of admins for various requests, including modifying the admin email address, modifying the blog title via a settings action, adding a page via an editpage action, or adding a category via the blog module.

Recommendations For pluck version 4.7, consider implementing proper CSRF protection mechanisms, such as tokens, to prevent unauthorized requests. As a temporary workaround, restrict access to the admin.php file and its associated actions to minimize the risk of exploitation.