Pluck · Pluck · CVE-2022-26965
**Name of the Vulnerable Software and Affected Versions**
Pluck version 4.7.16
**Description**
The issue allows an admin user to perform remote code execution using the theme upload functionality. This is achieved through the "/admin.php?action=themeinstall" endpoint.
**Recommendations**
For Pluck version 4.7.16, consider disabling the theme upload functionality at the "/admin.php?action=themeinstall" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation.
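To confirm that a restriction on this endpoint is holding, or to review whether it was used before the restriction, web server access logs can be searched for requests to it. The following is an added example, not part of the original advisory or of Pluck: it assumes Apache/nginx common or combined log format, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_theme_install(target):
    """True if the request target is admin.php with action=themeinstall."""
    parts = urlsplit(target)
    # Decode the path and ignore case so encoded or re-cased variants still match.
    if not unquote(parts.path).lower().endswith("/admin.php"):
        return False
    # parse_qs percent-decodes values, so action=theme%69nstall is caught too.
    actions = parse_qs(parts.query, keep_blank_values=True).get("action", [])
    return "themeinstall" in actions

def find_theme_installs(lines):
    """Return (ip, timestamp, method, status) for each theme-install request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_theme_install(m["target"]):
            hits.append((m["ip"], m["ts"], m["method"], int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2022:09:14:01 +0000] "GET /admin.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Mar/2022:09:14:09 +0000] '
    '"POST /admin.php?action=themeinstall HTTP/1.1" 200 4312',
    '198.51.100.23 - - [10/Mar/2022:09:20:44 +0000] '
    '"POST /pluck/admin.php?action=theme%69nstall HTTP/1.1" 403 199',
    '198.51.100.23 - - [10/Mar/2022:09:21:02 +0000] '
    '"GET /index.php?file=themeinstall HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, ts, method, status in find_theme_installs(SAMPLE_LOG):
        # A 2xx status after the endpoint was restricted means the block is not effective.
        print(f"{ts} {ip} {method} themeinstall -> HTTP {status}")
```

A hit only shows that the endpoint was requested; whether it was a legitimate theme change has to be checked against who was expected to be administering the site at that time.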