
F1Sh1001

#18987 of 53,638
14.1 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2021-10562
9.8
2021-05-18
Pluck · Pluck · CVE-2020-20951
Name of the Vulnerable Software and Affected Versions: Pluck version 4.7.10-dev2
Description: A remote command execution issue exists in the admin background when uploading files.
Recommendations: For Pluck version 4.7.10-dev2, as a temporary workaround, consider restricting file uploads in the admin background until a patch is available.
PT-2021-11069
4.3
2021-05-18
Pluck · Pluck · CVE-2020-24740
Name of the Vulnerable Software and Affected Versions: Pluck version 4.7.10-dev2
Description: An issue was discovered that allows a CSRF vulnerability, enabling the editing of pages via the "/admin.php?action=editpage" API endpoint. This issue can potentially be exploited to modify pages without proper authorization.
Recommendations: For Pluck version 4.7.10-dev2, as a temporary workaround, consider disabling the editpage functionality in the /admin.php?action=editpage endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.