
Bgreen7887

#18519 of 53,633
14.6 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2018-10490
4.8
2018-05-21
Pluck · Pluck · CVE-2018-11330
**Name of the Vulnerable Software and Affected Versions**
Pluck versions prior to 4.7.6

**Description**
An issue was discovered that allows authenticated stored XSS due to the character set for filenames not being properly restricted.

**Recommendations**
For versions prior to 4.7.6, update to version 4.7.6 or later to resolve the issue.

PT-2018-10491
9.8
2018-05-21
Pluck · Pluck · CVE-2018-11331
**Name of the Vulnerable Software and Affected Versions**
Pluck versions prior to 4.7.6

**Description**
An issue in the software allows remote PHP code execution because the set of disallowed file types for uploads is missing some applicable ones, including .phtml and .htaccess.

**Recommendations**
For versions prior to 4.7.6, update to version 4.7.6 or later to resolve the issue. As a temporary workaround, consider restricting upload file types to prevent potential exploitation.