CVE-2020-24740

Name of the Vulnerable Software and Affected Versions: Pluck version 4.7.10-dev2

Description: An issue was discovered that allows a CSRF vulnerability, enabling the editing of pages via the "/admin.php?action=editpage" API endpoint. This issue can potentially be exploited to modify pages without proper authorization.

Recommendations: For Pluck version 4.7.10-dev2, as a temporary workaround, consider disabling the editpage functionality in the /admin.php?action=editpage endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.