CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9051
https://notcve.org/view.php?id=CVE-2019-9051
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI. Se ha descubierto un problema en Pluck 4.7.9-dev1. Hay una vulnerabilidad Cross-Site Request Forgery (CSRF) que puede eliminar artículos mediante un URI /admin.php? • https://github.com/pluck-cms/pluck/issues/69 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9048
https://notcve.org/view.php?id=CVE-2019-9048
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI. Se ha descubierto un problema en Pluck 4.7.9-dev1. Hay una vulnerabilidad Cross-Site Request Forgery (CSRF) que puede eliminar un tema (también conocido como "topic") mediante un URI /admin.php? • https://github.com/pluck-cms/pluck/issues/69 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9052
https://notcve.org/view.php?id=CVE-2019-9052
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI. Se ha descubierto un problema en Pluck 4.7.9-dev1. Hay una vulnerabilidad Cross-Site Request Forgery (CSRF) que puede eliminar imágenes mediante un URI /admin.php? • https://github.com/pluck-cms/pluck/issues/69 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16634
https://notcve.org/view.php?id=CVE-2018-16634
Pluck v4.7.7 allows CSRF via admin.php?action=settings. Pluck v4.7.7 permite Cross-Site Request Forgery (CSRF) mediante admin.php?action=settings. • https://github.com/security-breachlock/CVE-2018-16634/blob/master/PLUCK_CSRF.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16633
https://notcve.org/view.php?id=CVE-2018-16633
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title. Pluck v4.7.7 permite Cross-Site Scripting (XSS) mediante el título de la página en admin.php?action=editpagepage=. • https://github.com/security-breachlock/CVE-2018-16633/blob/master/PLUCK_XSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •