Pluck CMS · CVE-2026-31205
**Name of the Vulnerable Software and Affected Versions**
Pluck CMS versions prior to 4.7.21dev
**Description**
A cross-site scripting (XSS) issue allows a remote attacker to escalate privileges. It occurs through the `editpage.php` endpoint and the `sanitizePageContent()` function.
**Recommendations**
Update to version 4.7.21dev or later.
As a temporary workaround, restrict access to the `editpage.php` endpoint or the `sanitizePageContent()` function to minimize the risk of exploitation.